garmin-health-analysis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs storing plaintext credentials in config files and passing email/password on the command line (e.g., --password), which would require the agent to place secret values verbatim into generated commands or config snippets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user data from the third‑party Garmin Connect service using the garminconnect library (see SKILL.md and scripts like scripts/garmin_data.py, scripts/garmin_activity_files.py, scripts/garmin_query.py), and that untrusted third‑party content (JSON, FIT/GPX files) is read and interpreted by the agent to drive analyses, charts, downloads, and recommendations—so external content can materially influence agent actions.