save-to-spotify
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute an installation script (install.sh) from saveto.spotify.com, which is a subdomain of a well-known service (Spotify).
  - Evidence: SKILL.md and references/cli-usage.md contain the command: curl -fsSL https://saveto.spotify.com/install.sh | bash
- [COMMAND_EXECUTION]: The skill requires the use of several CLI tools and shell commands for its core functionality.
  - The skill uses ffmpeg and ffprobe for audio concatenation, normalization, and metadata extraction (references/audio-providers.md).
  - The skill uses sudo to move the downloaded binary to /usr/local/bin during the installation process (references/cli-usage.md).
- [EXTERNAL_DOWNLOADS]: The skill fetches resources from external repositories and CDNs.
  - Downloads font files from Google's official GitHub repository (google/fonts) and JulietaUla/Montserrat (references/cover-image.md).
  - Fetches template artwork from a well-known service CDN (save-to-spotify.spotifycdn.com).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, as it ingests untrusted data from various source URLs to generate audio scripts.
  - Ingestion points: Processes external web content and user-provided files (SKILL.md).
  - Boundary markers: The skill uses a 'User Interview' checkpoint and a 'Plan confirmation' step to allow the user to review the intended output before final production.
  - Capability inventory: The skill can execute subprocesses (ffmpeg, ffprobe, save-to-spotify), perform network uploads, and write files to disk.
  - Sanitization: Includes a specific 'Text sanitization for TTS' step to strip markdown and metadata artifacts from processed text (references/audio-providers.md).
Audit Metadata