Oathe Security Badge

Is nftechie/garmin-skill safe?

https://github.com/nftechie/garmin-skill

98
SAFE

This skill is a clean API documentation wrapper for accessing Garmin fitness data through the transition.fun service. The skill contains no malicious code, prompt injection attempts, or data exfiltration behavior.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

INFO Third-party API integration required -5

This skill integrates with transition.fun, a third-party fitness data service. Users must create an account and API key with this external service to use the skill functionality.

INFO Canary file access observed -5

Monitoring detected access to canary files (.env, SSH keys, AWS credentials), but this appears to be normal monitoring system behavior occurring before skill installation.