nutrition-analyzer
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs nutrition analysis by reading local data files such as nutrition-tracker.json and daily logs in the data-example/ directory. This access is consistent with its stated purpose and does not involve sensitive system files or credentials.
- [SAFE]: No network tools (e.g., curl, wget) are included in the allowed-tools list, and no network exfiltration patterns were detected, ensuring that processed health data remains within the local environment.
- [SAFE]: The skill processes untrusted user-provided health logs, which constitutes a surface for indirect prompt injection. However, this is necessary for the skill's primary functionality. The risk is assessed as safe due to the lack of dangerous capabilities (like network access or command execution) that could be leveraged by such an injection. (Ingestion points: data-example/nutrition-logs/, data-example/profile.json, etc.; Boundary markers: Absent; Capability inventory: Read, Write, Grep, Glob; Sanitization: None identified).
- [SAFE]: All external URLs referenced in the skill are to well-known, authoritative health and government organizations such as the WHO, USDA, and official dietary guidelines repositories.
Audit Metadata