oura-ring
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [Command Execution] (SAFE): The skill executes a local Python script
sync_oura.pyviauvto perform data synchronization. This is the intended primary purpose of the tool.\n- [Data Exposure & Exfiltration] (SAFE): TheOURA_TOKENis managed as a secret environment variable and correctly defined as a secret in theSKILL.mdmetadata, preventing accidental leakage.\n- [Indirect Prompt Injection] (LOW): The skill ingests data from an external API, creating a surface for indirect prompt injection.\n - Ingestion points: External health data is retrieved via API and written to markdown files in
{baseDir}/health/.\n - Boundary markers: Absent; no delimiters or instructions to ignore embedded content are mentioned in the documentation.\n
- Capability inventory: The skill allows the agent to read generated health files and execute the local sync script via
uv.\n - Sanitization: Absent; no validation or escaping of the ingested API data is specified.\n- [Persistence Mechanisms] (SAFE): The recommendation to use
cronfor scheduling updates is a legitimate use of persistence for data synchronization and is explicitly documented for user transparency.
Audit Metadata