pp-strava

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the strava-pp-cli binary to manage Strava activities, calculate training loads, and query athlete data.
  • [EXTERNAL_DOWNLOADS]: Provides instructions to install the strava-pp-cli tool via npm (@mvanhorn/printing-press-library) or Go (github.com/mvanhorn/printing-press-library). These resources are provided by the skill's author/vendor.
  • [DATA_EXFILTRATION]: Includes a --deliver webhook:<url> flag that allows the agent to POST command results to an external, potentially attacker-controlled, URL.
  • [DATA_EXFILTRATION]: Features a feedback mechanism (strava-pp-cli feedback) that can be configured to automatically send data to a remote endpoint via the STRAVA_FEEDBACK_ENDPOINT environment variable.
  • [DATA_EXFILTRATION]: Manages sensitive Strava OAuth2 credentials and stores access tokens locally at ~/.strava-pp-cli/.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection because the skill ingests and displays content from the Strava API (such as activity descriptions or gear names) which may contain malicious instructions targeting the agent.
  • Ingestion points: Fetches data from external Strava API endpoints via strava-pp-cli athlete get-logged-in-activities and activities get-activity-by-id (SKILL.md).
  • Boundary markers: None identified in the prompt logic to differentiate between system instructions and Strava data.
  • Capability inventory: Shell command execution, local file writing (--deliver file:<path>), and network POST requests (--deliver webhook:<url>).
  • Sanitization: No evidence of input validation or sanitization for data retrieved from the Strava API.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 12:58 AM
Security Audit — agent-trust-hub — pp-strava