fitness-nutrition

Fail

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to construct shell commands using curl and python3 with variables derived from user input, such as EXERCISE_ID and FILTER. While search terms are properly URL-encoded using Python, other variables are interpolated directly into shell strings. This creates a potential for command injection if the agent populates these fields with inputs containing shell subshells or backticks.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from well-known and reputable services, including the wger Open Exercise Database and the United States Department of Agriculture (USDA) FoodData Central API. These operations are consistent with the skill's purpose.
  • [DATA_EXFILTRATION]: User-supplied queries regarding foods and exercises are sent to external APIs. This is a primary function of the skill and no sensitive user credentials or system files are accessed or transmitted.
  • [REMOTE_CODE_EXECUTION]: Automated scans flagged several instances of piping curl output to python3. Detailed analysis confirms these are used to pipe JSON data from trusted APIs into local Python scripts for parsing and formatting. The code being executed is provided locally within the skill's instructions, not downloaded from a remote server.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection because it processes and displays descriptions and food names retrieved from third-party databases. If these external records were compromised to include malicious instructions, the agent might inadvertently follow them while processing the data.
Recommendations
  • HIGH: Downloads and executes remote code from: https://wger.de/api/v2/exerciseinfo/${EXERCISE_ID}/?format=json, https://wger.de/api/v2/exercise/search/?term=${ENCODED}&language=english&format=json, https://wger.de/api/v2/exercise/?${FILTER}&language=2&status=2&limit=20&format=json - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
May 16, 2026, 01:45 PM
Security Audit — agent-trust-hub — fitness-nutrition