strava
Fail
Audited by Snyk on Mar 21, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). The URL points to a raw GitHub-hosted shell installer (install.sh) meant to be piped to sh; executing remote .sh files is high-risk because they can run arbitrary commands — even from GitHub you should inspect the script and prefer vetted package sources or release artifacts.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's context and activity commands (see src/strava_cli/commands/context.py and src/strava_cli/commands/activities.py, and documented in SKILL.md/README.md) explicitly fetch user/club activities, comments, and other Strava API data — user-generated, third-party content — and return it as aggregated LLM context that the agent is expected to read and act on, so that arbitrary third-party text could materially influence subsequent tool use or decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The README/instructions run curl -fsSL https://raw.githubusercontent.com/eddmann/strava-cli/main/install-skill.sh | sh (which itself downloads https://raw.githubusercontent.com/eddmann/strava-cli/main/SKILL.md into agent skill folders), so remote content is fetched and installed at runtime and the SKILL.md directly supplies agent-facing instructions/prompts — satisfying the criteria for a runtime external dependency that controls prompts/executes code.
Issues (3)
E005 (CRITICAL): Suspicious download URL detected in skill instructions.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata