garmin-connect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches user-generated/profile/activity data from connectapi.garmin.com (and also fetches consumer creds from thegarth.s3.amazonaws.com), and its required workflow (SKILL.md + scripts/garmin.ts) directs the agent to parse and reason over those JSON responses (e.g., activityName, sleepScores, profile.displayName), so untrusted third-party/user-generated content is ingested and can materially influence the agent's answers and next actions.