spotify-player

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to interact with the host system by executing terminal-based commands via the spogo and spotify_player binaries.
  • [EXTERNAL_DOWNLOADS]: The installation metadata references third-party software provided via Homebrew and a personal GitHub tap (steipete/tap) for the spogo tool.
  • [CREDENTIALS_UNSAFE]: Includes documentation for the spogo auth import command, which allows users to import browser cookies into the CLI tool for authentication purposes. This involves the movement of sensitive session data into the tool's environment.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface through user-provided search queries. Ingestion points: Track search queries processed via spogo search or spotify_player search. Boundary markers: Absent. Capability inventory: Subprocess execution of the search command. Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 12:15 AM