apple-music
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through music metadata.\n
- Ingestion points: Metadata such as song titles, artist names, and playlist names are fetched from the Apple Music API in
apple-music.sh.\n - Boundary markers: Absent. The skill does not use delimiters or instructions to separate external metadata from agent-facing prompts.\n
- Capability inventory: The skill can control the macOS Music app via
osascriptand interact with the MusicKit API viacurl.\n - Sanitization: Absent. Data returned from the API is presented to the agent without validation or escaping.\n- [COMMAND_EXECUTION]: Dynamic script generation based on user input in
apple-music.sh.\n - The
cmd_playerfunction constructs AppleScript strings by interpolating unvalidated user input (song and playlist names) directly into commands forosascript. This represents a code injection surface that could allow malicious input to alter the script's logic, although the impact is restricted to the Music application's scope.
Audit Metadata