whoop
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses standard OAuth 2.0 procedures to authenticate with the official WHOOP API endpoints.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
  - Ingestion points: The skill fetches wellness metrics (Recovery, Sleep, Strain) from the WHOOP API.
  - Boundary markers: None explicitly mentioned in instructions.
  - Capability inventory: The skill processes data to provide suggestions; no high-risk system capabilities are invoked in the provided code.
  - Sanitization: Not explicitly shown in the provided files, though health metrics present a negligible injection risk.
- [COMMAND_EXECUTION]: Documentation provides standard Node.js commands for the user to initialize authentication and execute the daily check-in script.
Audit Metadata