skills/jincai/openclaw-skills/oura/Gen Agent Trust Hub

oura

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is designed with safety in mind, utilizing only Python's standard library to interact with the official Oura API, which eliminates third-party dependency risks.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests data from an external source (the Oura API) and stores it in markdown files for the agent to interpret. If the external data contains instructions, the agent might follow them during the analysis phase.
  • Ingestion points: The scripts/sync.py script retrieves health metrics (sleep, activity, stress) from the official Oura API v2.
  • Boundary markers: The generated markdown files in the health/ directory lack delimiters or system-level instructions to ignore potential commands embedded in the data.
  • Capability inventory: The skill can execute local Python scripts to write files and performs read operations on the synced markdown files.
  • Sanitization: There is no sanitization or validation of the text content received from the API before it is written to the filesystem.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 01:22 PM