strava
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and ingests user-generated Strava content via the Strava API (e.g., "https://www.strava.com/api/v3/athlete/activities" and activity detail endpoints shown in SKILL.md), and the agent is expected to read and analyze those activities/workout fields, so untrusted third‑party text could influence decisions or actions.
Audit Metadata