strava
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The refresh_token.sh helper script prints the updated access_token and refresh_token directly to standard output. If an AI agent executes this script, these sensitive credentials may be recorded in conversation logs or history.
- [COMMAND_EXECUTION]: The skill relies on shell command execution via curl and a provided bash script to interact with the Strava API. While these are used for intended functionality, they represent a surface for potential exploitation if inputs were to be dynamically modified.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes activity names and descriptions from the Strava API, which could be manipulated by an attacker to influence the agent's behavior.
  - Ingestion points: API responses fetched via curl in SKILL.md (e.g., activity lists and details).
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the skill's data-processing instructions.
  - Capability inventory: Execution of shell commands (curl, grep, sed, awk) and access to the skill's configuration file.
  - Sanitization: No evidence of input validation or escaping for data retrieved from the Strava API.
Audit Metadata