nutritional-specialist
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill provides a surface for indirect prompt injection by ingesting and storing untrusted data (user preferences, health conditions).
  - Ingestion points: Data is ingested via the `set_preferences` and `update_preference` functions in `scripts/preferences_manager.py` and stored in `~/.claude/nutritional_preferences.json`.
  - Boundary markers: No boundary markers or 'ignore' instructions are present to delimit the stored data when it is retrieved.
  - Capability inventory: The skill is capable of reading and writing to the local file system using Python's `open()` and `pathlib` (file operations in `scripts/preferences_manager.py`).
  - Sanitization: No sanitization or validation of the input data is performed before it is saved to the JSON database.
- [Data Exposure] (SAFE): Although the script accesses sensitive data related to health and allergies, this data is created and managed by the skill itself for its primary purpose. The storage location (`~/.claude/`) is a standard practice for CLI-based agents and no unauthorized access to system-level sensitive files (like SSH keys or AWS credentials) was detected.
Audit Metadata