spotify
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlandjqcommands inSKILL.mdto communicate with the Spotify API and parse responses. This is the intended behavior for the music streaming management functionality. - [DATA_EXFILTRATION]: The skill transmits the
SPOTIFY_TOKENtoapi.spotify.comfor API authentication. This is an authorized transmission to a well-known service and follows standard security practices for token usage. - [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface through data processed from the Spotify API. Ingestion points: API responses (such as track names, artist names, and playlist descriptions) from
api.spotify.comprocessed inSKILL.md. Boundary markers: None identified. Capability inventory: Shell command execution (curl,jq) and file system writes (/tmp/) defined inSKILL.md. Sanitization: No sanitization or filtering of external API content is implemented before it is returned to the agent context.
Audit Metadata