coach
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `npx` to run the `claude-coach` utility for authentication, data synchronization, database querying, and HTML rendering.
- [EXTERNAL_DOWNLOADS]: The skill uses `npx` to download and execute the `claude-coach` package from the NPM registry to perform its core functions.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external sources (Strava) which is then stored in a local SQLite database (`coach.db`) and queried by the agent.
  - Ingestion points: Training data queried from `~/.claude-coach/coach.db` using the `npx claude-coach query` command.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard instructions potentially embedded in the workout names or notes.
  - Capability inventory: The agent can execute shell commands via `npx` and has read/write access to the home directory for managing the training database and output files.
  - Sanitization: No sanitization or validation of the data retrieved from the database is mentioned before it is processed by the agent.