fitbit-analytics
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (fitbit_api.py, fitbit_briefing.py) to retrieve and analyze fitness data.
- [DATA_EXFILTRATION]: The skill transmits requests to the well-known Fitbit Web API to fetch user health metrics, which is the core intended functionality.
- [PROMPT_INJECTION]: The skill ingests external data from the Fitbit API, creating a surface for indirect prompt injection.
- Ingestion points: Data is pulled from Fitbit API endpoints such as activity summaries and sleep logs.
- Boundary markers: No specific delimiters are defined to separate ingested data from agent instructions.
- Capability inventory: The skill has the ability to execute Python scripts based on external data.
- Sanitization: No evidence of sanitization for API-provided content is present in the skill documentation.
Audit Metadata