endurance-coach
Warn
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill frequently invokes
npx -y endurance-coach@latestto execute various subcommands. This pattern downloads and runs the latest version of the package from the NPM registry at runtime without version pinning, which introduces a supply chain risk. - [COMMAND_EXECUTION]: The skill provides the agent with a
querycommand capable of executing arbitrary SQL against the localcoach.dbdatabase. While intended for advanced analysis, this provides a powerful data access vector that could be exploited. - [EXTERNAL_DOWNLOADS]: Core functionality of the skill is dependent on fetching the
endurance-coachpackage from the public NPM registry. This external dependency is used for data assessment, load management calculations, and HTML rendering. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection due to its processing of external training data from Strava.
- Ingestion points: Athlete activity data (names, descriptions, and metadata) stored in the
coach.dbdatabase, populated via Strava sync. - Boundary markers: None identified; the skill instructions focus on structured output (YAML/HTML) but do not define delimiters or warnings for ingested data.
- Capability inventory: Includes shell command execution via npx and arbitrary SQL querying.
- Sanitization: No data validation or sanitization steps are defined for the imported athlete activity history.
Audit Metadata