apple-music
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection because it processes untrusted user input within its core commands.
- Ingestion points: The
search,song, andplaylists createcommands accept arbitrary strings from users or external data sources. - Boundary markers: The skill documentation does not specify the use of delimiters or 'ignore' instructions to separate user input from system logic.
- Capability inventory: The skill possesses significant capabilities, including network operations via
curl, process execution vianode, and local script execution throughapple-music.sh. - Sanitization: There is no evidence of input sanitization or validation mechanisms for the parameters passed to the Apple Music API.
- [CREDENTIALS_UNSAFE]: The skill requires the management of sensitive authentication material to function.
- Evidence: The setup process requires users to provide an Apple Developer Team ID, Key ID, and a
.p8private key file, which are stored in a localconfig.jsonfile for persistent API access.
Audit Metadata