endurance-coach
Warn
Audited by Snyk on Mar 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to authenticate/sync with Strava and fetch activity/lap data (see SKILL.md "If Strava: ... run sync" and reference/queries.md "activity <id> --laps"), so it ingests user-generated third-party content from Strava which the agent reads and uses to drive coaching decisions. Free-text fields on those activities (titles, descriptions) are writable by whoever created the activity, so an instruction planted there reaches the agent as untrusted input it may act on.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill repeatedly instructs runtime use of "npx -y endurance-coach@latest" (which fetches and executes remote package code from the npm registry at runtime, e.g., for render/schema/templates), so it relies on external code fetched and run during execution. Because "@latest" is resolved at each invocation, the code that actually runs can change between runs without any change to the skill itself.
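A check a reviewer can run over a skill file before approving it, added here as an example and not part of the Snyk audit or the endurance-coach skill: it scans SKILL.md text for npx invocations and flags any whose package spec is not pinned to an exact version (a dist-tag such as @latest or @next, a range, or no version at all, which npx resolves to latest). The SKILL.md content below is constructed for the example; the package names other than endurance-coach and the line contents are assumptions.

```python
import re

# Constructed sample of a SKILL.md; not the endurance-coach skill's real file.
SAMPLE_SKILL_MD = """\
## Rendering
Run `npx -y endurance-coach@latest render --week 3` to render the plan.
Schema: npx -y endurance-coach@latest schema
Pinned (acceptable): npx -y endurance-coach@1.4.2 templates
Scoped, unpinned: npx -y @acme/coach-tools@next lint
Implicit latest: npx some-other-tool --help
If Strava: run sync before answering.
"""

# Matches a package spec the way npx accepts it: optional @scope/, a name,
# and an optional @version or @dist-tag after the name.
NPX_RE = re.compile(
    r"\bnpx\b"
    r"(?:\s+(?:-y|--yes|-q|--quiet))*"       # common flags that precede the package
    r"\s+(?P<pkg>(?:@[\w.-]+/)?[\w.-]+)"     # @scope/name or bare name
    r"(?:@(?P<ver>[^\s`'\"]+))?"             # optional version, tag or range
)
# Only an exact x.y.z counts as pinned; tags and ranges float at runtime.
EXACT_VER_RE = re.compile(r"^\d+\.\d+\.\d+$")


def classify_version(ver):
    """Return 'exact' for a pinned semver, otherwise 'unpinned'.

    A missing version is unpinned: npx then resolves the registry's 'latest' tag.
    """
    if ver is None:
        return "unpinned"
    return "exact" if EXACT_VER_RE.match(ver) else "unpinned"


def find_npx_invocations(text):
    """Return (line_no, package, version, status) for every npx invocation."""
    found = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in NPX_RE.finditer(line):
            ver = m.group("ver")
            found.append((line_no, m.group("pkg"), ver, classify_version(ver)))
    return found


def unpinned_findings(text):
    """Subset of invocations that execute whatever the registry serves at run time."""
    return [f for f in find_npx_invocations(text) if f[3] == "unpinned"]


if __name__ == "__main__":
    for line_no, pkg, ver, status in find_npx_invocations(SAMPLE_SKILL_MD):
        shown = f"{pkg}@{ver}" if ver else pkg
        print(f"line {line_no}: {shown} -> {status}")
```

On the sample this reports five invocations, four of them unpinned (the two @latest calls, the @next scoped package, and the bare package name). Pinning to an exact version narrows the finding rather than closing it: the skill still downloads and executes code at run time, and an exact version can still be replaced on the registry by a maintainer or a compromised account, so a reviewer who accepts a pinned invocation should also record the expected tarball hash (for example from `npm view <pkg>@<version> dist.integrity`) and compare it before the first run.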
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata