spotify-player

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the 'spogo' binary from a non-standard third-party Homebrew tap ('steipete/tap'). This source is not part of the verified trusted organizations list, posing a risk of unverifiable dependency code.
  • [COMMAND_EXECUTION]: The skill uses subprocess execution to call 'spogo' and 'spotify_player' for Spotify management and playback operations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect command injection because it interpolates user-provided search queries directly into shell command strings without sanitization or protective boundary markers.
    • Ingestion points: User search queries in the 'spogo search track' and 'spotify_player search' commands.
    • Boundary markers: None identified; commands are executed using direct string interpolation.
    • Capability inventory: Ability to execute arbitrary CLI commands, since unescaped input can break out of the intended shell command.
    • Sanitization: No validation or escaping of input characters is implemented.
  • [DATA_EXFILTRATION]: The skill documentation encourages the use of 'spogo auth import --browser chrome', a command that extracts sensitive browser session cookies. This exposes private authentication data to the agent's operating context, which could lead to unauthorized data access if the environment is compromised.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 01:23 AM