fitness-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerability to Indirect Prompt Injection. The skill ingests untrusted data from fitness logs (Category 8 surface) and possesses the 'Write' capability. Evidence: (1) Ingestion: data/fitness-logs/ (SKILL.md); (2) Boundary Markers: Absent; (3) Capability: Write (SKILL.md allowed-tools); (4) Sanitization: Absent. An attacker could embed instructions in logs to exfiltrate PHI.
- [DATA_EXFILTRATION] (HIGH): The skill accesses highly sensitive files including hypertension-tracker.json and diabetes-tracker.json. While no network tool is listed, the Write tool provides a mechanism for data exposure if the agent is compromised via injection.
Recommendations
- AI detected serious security threats
Audit Metadata