Low Risk

get_activity_fit_data

Download and parse FIT file for an activity to expose advanced cycling data. Returns data not available through the standard REST API, including: - DI2 / electronic shifting events with cadence at time of shift, grade at shift, gear combinations, shift quality classification, and terrain-grouped ...

AI agents call get_activity_fit_data to retrieve information from Garmin MCP Server without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.

This tool performs data retrieval and analysis only. It accesses existing FIT files and extracts/parses cycling telemetry data for presentation to the user. No data is created, modified, deleted, or used to trigger external operations. The blast radius of misuse is minimal—an attacker could only exfiltrate a user's fitness metrics, not alter them or cause irreversible harm.

From the tool's definition: the tool "Download and parse FIT file for an activity to expose advanced cycling data" retrieves and exposes fitness metrics (DI2 events, cycling dynamics, power data, climb detection) from Garmin Connect.

Documented attack patterns abuse exactly the kind of access get_activity_fit_data gives an agent:

PolicyLayer is an MCP gateway — it sits between your AI agents and Garmin MCP Server, and nothing reaches the server without passing your rules. This is the rule we recommend for get_activity_fit_data:

policy.json
{
  "version": "1",
  "default": "deny",
  "tools": {
    "get_activity_fit_data": {}
  }
}

get_activity_fit_data is read-only, so it stays allowed — but everything else on the server is denied unless you say otherwise.

  1. Create a free account and register Garmin MCP Server — nothing to install.
  2. Add this policy — paste it, or build it visually.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
Free to start. No card required.

Go deeper

What does the get_activity_fit_data tool do?

Download and parse FIT file for an activity to expose advanced cycling data. Returns data not available through the standard REST API, including:

- DI2 / electronic shifting events with cadence at time of shift, grade at shift, gear combinations, shift quality classification, and terrain-grouped shift analysis
- Cycling dynamics per session and lap: platform center offset (PCO), left/right power balance, torque effectiveness, pedal smoothness
- Variability Index (NP / avg_power) per session and lap
- Climb detection with VAM (vertical ascent rate), avg power/cadence/HR per climb, and W/kg per climb (using auto-fetched body weight from Garmin)
- Grade-correlated stats: avg power, cadence, HR broken down by terrain steepness
- HR drift / cardiac drift coefficient (aerobic decoupling for rides ≥60 min)
- Temperature correlation: avg HR/power in hottest vs. coolest portions of ride
- Power Duration Curve: best mean maximal power at 5s, 30s, 1min, 5min, 10min, 20min, 60min
- Optional full per-second time series when include_records=True

Shift quality:

- proactive: shifted at 70-100 rpm (ideal cadence range)
- reactive: shifted below 70 rpm (already grinding before shifting)
- coasting: shifted at 0 rpm (mid-stop or freewheeling)
- spun_out: shifted above 100 rpm (waited too long in easy gear)

Note: DI2 data requires Shimano Di2 / SRAM eTap. Cycling dynamics require a compatible power meter (e.g., Garmin Rally, Favero Assioma, PowerTap P1 pedals).

Args:

- activity_id: Garmin activity ID
- include_records: Include full per-second time series (default False). Warning: adds significant data volume for long rides.

It is categorised as a Read tool in the Garmin MCP Server MCP Server, which means it retrieves data without modifying state.

How do I enforce a policy on get_activity_fit_data?

Register the Garmin MCP Server MCP server in PolicyLayer and add a rule for get_activity_fit_data: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Garmin MCP Server. Nothing to install.

What risk level is get_activity_fit_data?

get_activity_fit_data is a Read tool with low risk. Read-only tools are generally safe to allow by default.

Can I rate-limit get_activity_fit_data?

Yes. Add a rate_limit block to the get_activity_fit_data rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block get_activity_fit_data completely?

Set action: deny in the PolicyLayer policy for get_activity_fit_data. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
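
The allow, rate-limit and deny rules from the answers above, as an added sketch that is not PolicyLayer's own code: a minimal evaluator for the page's default-deny policy, showing which calls pass and why. The nesting of rate_limit, action and reason, the sliding-window counting, and the tool name example_write_tool are assumptions.

```python
import time

# Constructed policy: the page's default-deny policy.json extended with the
# rate_limit (max/window) and action/reason fields its FAQ names. Where those
# fields nest is an assumption; example_write_tool is a hypothetical tool.
POLICY = {
    "version": "1",
    "default": "deny",
    "tools": {
        "get_activity_fit_data": {"rate_limit": {"max": 10, "window": 60}},
        "example_write_tool": {"action": "deny", "reason": "constructed: writes blocked"},
    },
}


class Gateway:
    """Decides each tool call before it would be forwarded to the MCP server."""

    def __init__(self, policy, clock=time.monotonic):
        self.policy = policy
        self.clock = clock
        self.calls = {}  # (session_id, tool) -> timestamps of allowed calls

    def decide(self, session_id, tool):
        """Return (allowed, reason) for one call."""
        rule = self.policy["tools"].get(tool)
        if rule is None:
            # Unlisted tool: the policy default applies ("deny" on this page).
            return self.policy.get("default", "deny") == "allow", "policy default"
        if rule.get("action", "allow") == "deny":
            return False, rule.get("reason", "denied by rule")
        limit = rule.get("rate_limit")
        if limit:
            now = self.clock()
            key = (session_id, tool)
            # Sliding window (assumed): keep only calls inside the last `window` seconds.
            recent = [t for t in self.calls.get(key, []) if now - t < limit["window"]]
            self.calls[key] = recent
            if len(recent) >= limit["max"]:
                return False, "rate limit exceeded"
            recent.append(now)
        # An empty rule ({}) lands here: listed, no deny, no limit.
        return True, "allowed by rule"
```

Because the counter is keyed on the session as well as the tool, one agent session exhausting its 10 calls does not block another, and a tool missing from the policy is refused by the default rather than by any rule.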

What MCP server provides get_activity_fit_data?

get_activity_fit_data is provided by the Garmin MCP Server MCP server (taxuspt/garmin_mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every Garmin MCP Server tool call.

Deterministic rules across all 126 Garmin MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

126 Garmin MCP Server tools catalogued and risk-classified — across an index of 42,500+ MCP servers.
