fitness-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted data from multiple sources.
- Ingestion points: The skill reads data from
data/fitness-logs/,data/hypertension-tracker.json,data/diabetes-tracker.json, anddata/profile.json. - Boundary markers: Absent. The instructions do not specify any delimiters or warnings to ignore instructions embedded within the health data logs.
- Capability inventory: The skill is authorized to use
Read,Grep,Glob, andWritetools. - Sanitization: Absent. There is no logic provided to sanitize or validate the content of the JSON files before processing.
- Risk: An attacker who can modify a user's exercise logs could embed malicious instructions that the agent might execute, potentially using the
Writetool to corrupt other local data. - DATA_EXPOSURE (SAFE): While the skill accesses sensitive health files, this behavior is central to its stated purpose (fitness and chronic disease analysis). Since no network tools (curl, fetch) are permitted, the risk of data exfiltration is negligible.
- NO_CODE (SAFE): The skill consists entirely of markdown instructions and does not include any scripts, binary executables, or external package dependencies.
Audit Metadata