calorie-counter
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Analysis identified a surface for indirect prompt injection, a common characteristic of tools that aggregate and display user-provided content back to the AI agent.
- Ingestion points: Food names provided by the user are stored in the `calorie_data.db` file via the `add_entry` function in `scripts/calorie_tracker.py`.
- Boundary markers: Data is presented to the agent in a text-based table (using `|` and `=` symbols) in the `summary` and `list_entries` functions, which may not sufficiently isolate user content from the agent's internal instruction stream.
- Capability inventory: The script's operations are confined to the local workspace; it manages an SQLite database and prints to standard output. It does not have network access, sensitive file system permissions, or the ability to execute arbitrary system commands.
- Sanitization: The skill does not perform sanitization, escaping, or filtering of user-inputted food names to prevent them from containing malicious instructions.