strava
Fail
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation provides instructions to install the tool by downloading shell scripts from the author's GitHub repository and piping them directly to the shell. This is a common but sensitive pattern. Evidence found in README.md and SKILL.md pointing to https://raw.githubusercontent.com/eddmann/strava-cli/main/install.sh.
- [EXTERNAL_DOWNLOADS]: The installation script install.sh identifies and downloads pre-built binaries from GitHub releases to the user's local bin directory. This behavior is documented and expected for this type of CLI utility.
- [PROMPT_INJECTION]: The skill is an attack surface for indirect prompt injection because it ingests data from the Strava API (such as activity names and descriptions) that can contain arbitrary strings, and that data is then passed to the agent unmodified.
  - Ingestion points: API calls in src/strava_cli/client.py such as get_activities and get_athlete.
  - Boundary markers: Absent from the skill definition (SKILL.md).
  - Capability inventory: The skill can create, update and delete activities, and upload files (src/strava_cli/client.py).
  - Sanitization: No sanitization of API data is performed before it is output to the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/${REPO}/main/install.sh, https://raw.githubusercontent.com/eddmann/strava-cli/main/install.sh - DO NOT USE without thorough review
Audit Metadata