The Agent Skills Directory

[SAFE]: No security threats were identified in the skill. The instructions are focused on media playback control and discovery using local repository tools.
[CREDENTIALS_UNSAFE]: The skill includes instructions to manage authentication via environment variables or the 1Password CLI (op). These are standard secure practices for handling sensitive credentials in a developer environment and do not constitute a security violation.
[INDIRECT_PROMPT_INJECTION]: The skill is designed to process external data such as YouTube URLs and music metadata. While this represents a potential surface for indirect prompt injection, the skill relies on existing local extraction workflows and does not provide an exploitable path for malicious instructions to influence the agent's core behavior beyond its intended purpose.

sonos