sonoscli
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configuration performs an automated installation of a Go module from a personal GitHub repository (github.com/steipete/sonoscli) which is not on the trusted vendors list.
- [COMMAND_EXECUTION]: The skill is designed to execute the sonos binary with various command-line arguments to interact with hardware on the local network.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted data from local network devices (via ingestion points like 'sonos status', 'sonos favorites list', and 'sonos queue list'). There are no boundary markers or sanitization procedures defined to prevent the agent from processing instructions that might be hidden in device names or media metadata. The skill's primary capability is the execution of subprocess commands based on this untrusted input.
- [CREDENTIALS_UNSAFE]: The documentation references the requirement for sensitive credentials (SPOTIFY_CLIENT_ID and SPOTIFY_CLIENT_SECRET) to be stored in environment variables for certain features.
Audit Metadata