garmin-connect
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). This is a direct raw GitHub link to an install.sh script (intended to be piped into sh with curl), which is effectively an executable from a third-party repository and therefore high-risk: it can run arbitrary code, and neither the trustworthiness of the source and maintainer nor the integrity of the script can be guaranteed.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill calls the garminconnect API (e.g., via src/garmin_connect_cli/client.py and the context command in src/garmin_connect_cli/commands/context.py and activities/health commands) to fetch user-generated Garmin Connect data (activities, sleep, heart rate, etc.) and returns that third-party content for LLM consumption, exposing the agent to potentially untrusted user-generated content.
Audit Metadata