skills/brgrp/skills/spotify/Gen Agent Trust Hub

spotify

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Communicates exclusively with official Spotify domains (api.spotify.com and accounts.spotify.com) for authentication and playback control.
  • [COMMAND_EXECUTION]: Uses common system utilities (curl, jq, nc, openssl) to handle API requests and local OAuth callbacks.
  • The spotify-auth.sh script uses nc (netcat) to listen on a local port (17823) for the OAuth redirect, which is a standard pattern for command-line OAuth implementations.
  • [DATA_EXFILTRATION]: Accesses authentication tokens and credentials stored in ~/.config/spotify/. The scripts correctly use chmod 600 to restrict access to these files to the current user.
  • [PROMPT_INJECTION]: The SKILL.md file contains only functional instructions for controlling Spotify and does not include any patterns typical of prompt injection or safety bypass attempts.
  • [REMOTE_CODE_EXECUTION]: No remote code execution or dynamic script evaluation was detected. Commands are executed through local scripts with static templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 10:17 PM