tl-live-music-data
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documents and encourages the retrieval of artist, event, and setlist data from numerous well-known music services including MusicBrainz, JamBase, Setlist.fm, Ticketmaster, and others. All referenced domains are established and reputable in the music industry.
- [COMMAND_EXECUTION]: Provides example shell commands for using the 'firecrawl' CLI tool to perform web scraping as a fallback for missing API data. These examples are illustrative and intended for project-specific data retrieval.
- [DATA_INJECTION]: The skill identifies the risk of indirect prompt injection (IPI) from third-party API responses and scraped content. It provides explicit handler rules (e.g., stripping imperative-voice content, sanitization, and user confirmation for writes) to prevent untrusted data from being executed as instructions.
- [CREDENTIALS_SAFE]: Instructs the agent to use environment variables for managing sensitive API keys for the various services, following standard secret management best practices. No hardcoded secrets were detected.
Audit Metadata