pp-spotify
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the core binary using the
npxcommand from the vendor's npm package@mvanhorn/printing-pressduring the setup phase. - [DATA_EXFILTRATION]: Provides a
--deliver webhook:<url>flag that allows the agent to POST command output (which may contain user profile information, library details, or listening history) to arbitrary external URLs. - [DATA_EXFILTRATION]: Includes a
feedbackcommand capable of transmitting data to a remote endpoint if theSPOTIFY_FEEDBACK_ENDPOINTenvironment variable is configured. - [CREDENTIALS_UNSAFE]: Provides instructions for the manual configuration and export of sensitive
SPOTIFY_CLIENT_IDandSPOTIFY_SECRETcredentials and persists authentication tokens in the local file~/.config/spotify-pp-cli/token.json. - [PROMPT_INJECTION]: Indirect Prompt Injection Surface: The skill ingests untrusted data from the Spotify Web API (such as playlist names, track metadata, and artist descriptions) which could contain instructions designed to influence the agent's behavior.
- Ingestion points: Processes external content via commands like
me get-users-top-tracks,search, andplaylists get. - Boundary markers: Absent. No instructions are provided to the agent to distinguish between music metadata and operational instructions.
- Capability inventory: The toolset includes file system writes (
--deliver file) and network operations (--deliver webhook), which could be abused if an injection is successful. - Sanitization: No sanitization or validation of ingested metadata is mentioned before it is interpolated into subsequent command arguments or agent responses.
Audit Metadata