garmin
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements secure credential storage by saving Garmin account details and OAuth tokens in a dedicated directory (~/.garmin) with restricted file permissions (chmod 600). This ensures that sensitive information is not exposed to other users or unauthorized processes on the system.
- [PROMPT_INJECTION]: The skill retrieves and displays data from Garmin Connect APIs, establishing a surface for indirect prompt injection.
  - Ingestion points: Data is ingested from external Garmin API endpoints in the garmin_health.py, garmin_sleep.py, and garmin_activities.py scripts.
  - Boundary markers: API content is interpolated into markdown summaries without specific delimiters or instructions to prevent the agent from executing commands embedded in the data.
  - Capability inventory: The skill uses the garminconnect library for network operations and can write markdown files to the local file system via garmin_snapshot.py and garmin_rollup.py.
  - Sanitization: The scripts normalize metrics (e.g., heart rate, duration) but do not sanitize text-based API fields such as activity names to filter out potentially malicious instructions.
Audit Metadata