pp-myfitnesspal
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install third-party software from the author's GitHub and NPM repositories. Specifically, it guides the installation of the
myfitnesspal-pp-cliandmyfitnesspal-pp-mcptools usingnpxandgo installfromgithub.com/mvanhorn/printing-press-libraryand@mvanhorn/printing-press. - [COMMAND_EXECUTION]: The skill utilizes the
Read Bashtool to execute a series of CLI commands required for fetching, syncing, and analyzing dietary data. This includes commands for authentication, database synchronization, and report generation. - [DATA_EXFILTRATION]: The skill exposes a mechanism to deliver potentially sensitive health and nutrition data to external servers via a webhook feature (
--deliver webhook:<url>). Additionally, the authentication process involves reading Chrome browser cookies, which is a sensitive operation necessary for the tool's scraping functionality. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests and processes untrusted data from the MyFitnessPal service (e.g., food diary entries, food database search results).
- Ingestion points: Data enters the agent context through CLI commands that fetch diary logs, search results, and user profiles (SKILL.md).
- Boundary markers: While the tool uses structured JSON output (
--json), the skill instructions do not specify explicit delimiters or "ignore embedded instructions" warnings for the agent when processing the results. - Capability inventory: The agent has access to the
Read Bashtool, enabling it to write files to the local system (--out) and perform network requests to arbitrary URLs via the webhook delivery feature. - Sanitization: There is no evidence of sanitization or filtering of the external data before it is presented to the agent for reasoning.
Audit Metadata