hevy
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill uses standard command-line tools to provide integration with a legitimate third-party fitness service.
- [EXTERNAL_DOWNLOADS]: The skill communicates with the official Hevy API at
api.hevyapp.com. This is a well-known service and the communication is essential for the skill's functionality. No connections to unknown or suspicious third-party domains were found. - [COMMAND_EXECUTION]: The CLI tool uses common system utilities including
curlfor API requests,jqfor JSON processing, andsqlite3for local data caching. These operations are performed on the user's local machine using established shell scripting patterns. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted workout plans (text, PDF, or images). This risk is addressed through the following architecture:
- Ingestion points: Program descriptions processed by the agent in
SKILL.md. - Boundary markers: The skill uses explicit instructions and structural rules in
SKILL.mdto guide the agent in generating valid routine JSON. - Capability inventory: The skill can create and update routines via API calls initiated from
lib/api.sh. - Sanitization: The
validate_routine_jsonfunction inlib/common.shvalidates the final JSON structure and checks for characters like@that are known to cause API errors, providing a layer of input validation before the data is sent to the remote server.
Audit Metadata