spotify
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill promotes the use of piped shell execution from an unverified remote source. This allows for arbitrary code execution on the user's machine without inspection.
  - Evidence: curl -sSL https://canifi.com/skills/spotify/install.sh | bash found in SKILL.md.
  - Evidence: curl -sSL https://canifi.com/install.sh | bash found in SKILL.md.
- [CREDENTIALS_UNSAFE] (HIGH): The skill documentation instructs users to store plain-text passwords in environment variables and proposes automated access to iMessage for 2FA codes.
  - Evidence: Use of canifi-env set SERVICE_PASSWORD "your-password".
  - Evidence: Reference to 'Handle 2FA if enabled (via iMessage)' suggests scripts have read access to private messaging.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on shell commands for setup and environment management, which can be leveraged for further privilege escalation if the remote scripts are compromised.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted external data from the Spotify web interface to automate login and 2FA.
  - Ingestion points: Spotify login page and iMessage notifications.
  - Boundary markers: None identified.
  - Capability inventory: Shell execution via bash, browser automation via Playwright.
  - Sanitization: No sanitization logic for web-scraped content mentioned.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/spotify/install.sh
  - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata