pp-strava
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
strava-pp-clibinary to manage Strava activities, calculate training loads, and query athlete data. - [EXTERNAL_DOWNLOADS]: Provides instructions to install the
strava-pp-clitool via npm (@mvanhorn/printing-press-library) or Go (github.com/mvanhorn/printing-press-library). These resources are provided by the skill's author/vendor. - [DATA_EXFILTRATION]: Includes a
--deliver webhook:<url>flag that allows the agent to POST command results to an external, potentially attacker-controlled, URL. - [DATA_EXFILTRATION]: Features a feedback mechanism (
strava-pp-cli feedback) that can be configured to automatically send data to a remote endpoint via theSTRAVA_FEEDBACK_ENDPOINTenvironment variable. - [DATA_EXFILTRATION]: Manages sensitive Strava OAuth2 credentials and stores access tokens locally at
~/.strava-pp-cli/. - [PROMPT_INJECTION]: Vulnerable to indirect prompt injection because the skill ingests and displays content from the Strava API (such as activity descriptions or gear names) which may contain malicious instructions targeting the agent.
- Ingestion points: Fetches data from external Strava API endpoints via
strava-pp-cli athlete get-logged-in-activitiesandactivities get-activity-by-id(SKILL.md). - Boundary markers: None identified in the prompt logic to differentiate between system instructions and Strava data.
- Capability inventory: Shell command execution, local file writing (
--deliver file:<path>), and network POST requests (--deliver webhook:<url>). - Sanitization: No evidence of input validation or sanitization for data retrieved from the Strava API.
Audit Metadata