strava-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill utilizes dynamic tool discovery, which presents a surface for indirect instructions.
- Ingestion points: Tool schemas and metadata are fetched via RUBE_SEARCH_TOOLS from the rube.app endpoint.
- Boundary markers: No specific boundary markers or instruction-guarding delimiters are defined for the tool responses.
- Capability inventory: The skill possesses capabilities to execute Strava API actions via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH.
- Sanitization: No explicit sanitization or validation of the remote tool definitions is mentioned in the skill instructions.
- External Dependencies (SAFE): The skill requires connecting to https://rube.app/mcp as an external MCP server. While this is an external dependency, it is a known service provider for the functionality described and does not involve immediate malicious execution patterns.
Audit Metadata