endurance-coach
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill relies on 'npx -y endurance-coach@latest', which downloads and executes arbitrary code from an untrusted npm package at runtime. This pattern is found across multiple files including reference/queries.md and reference/assessment.md.
- [PROMPT_INJECTION] (HIGH): Highly vulnerable to Indirect Prompt Injection (Category 8). The agent ingests activity names and descriptions from Strava (reference/schema.md) and uses them to formulate training assessments (reference/assessment.md). There are no sanitization steps or boundary markers to prevent the agent from following instructions embedded in an athlete's Strava activity description.
- [COMMAND_EXECUTION] (MEDIUM): The tool provides an advanced 'query' command (reference/queries.md) allowing the agent to execute raw SQL against the athlete's local SQLite database, which could be exploited to expose sensitive data if the agent is manipulated.
- [EXTERNAL_DOWNLOADS] (LOW): The skill has a runtime dependency on the 'endurance-coach' package from the npm registry. While npx is a standard tool, the package source is not within the verified trust scope.
Recommendations
- AI detected serious security threats
Audit Metadata