intervals-icu
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill communicates with the external domain
intervals.icuviascripts/api.sh. This network activity is the primary purpose of the skill and is required to synchronize athlete data. Credentials are handled securely through environment variables and sent only to the official API endpoint using standard Basic Authentication headers. - [PROMPT_INJECTION]: Assessment of the indirect prompt injection surface:
- Ingestion points: Training data, including activity names and descriptions, are retrieved from the Intervals.icu API and presented to the agent.
- Boundary markers: Data is processed without explicit delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill can perform network operations and local script execution to update fitness profiles.
- Sanitization: Responses are parsed for structural validity using
jq, though natural language content is processed without additional filtering for potential instruction-based attacks.
Audit Metadata