nutritional-specialist
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill reads dietary and health preferences from a local JSON file and displays them to the agent, creating a surface for embedded instructions.
  1. Ingestion points: Data is read from `~/.claude/nutritional_preferences.json` via `scripts/preferences_manager.py`.
  2. Boundary markers: Absent; user content is displayed in a plain text list format.
  3. Capability inventory: Negligible; the main JavaScript entry point is a skeleton implementation.
  4. Sanitization: None; input from the JSON file is used directly in the display output.
- Data Exposure (INFO): The skill records PII including health conditions and allergies in the user's home directory. While appropriate for the skill's function, this storage should be considered sensitive.
Audit Metadata