fitness-nutrition
Fail
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to construct shell commands using
curlandpython3with variables derived from user input, such asEXERCISE_IDandFILTER. While search terms are properly URL-encoded using Python, other variables are interpolated directly into shell strings. This creates a potential for command injection if the agent populates these fields with inputs containing shell subshells or backticks. - [EXTERNAL_DOWNLOADS]: The skill fetches data from well-known and reputable services, including the wger Open Exercise Database and the United States Department of Agriculture (USDA) FoodData Central API. These operations are consistent with the skill's purpose.
- [DATA_EXFILTRATION]: User-supplied queries regarding foods and exercises are sent to external APIs. This is a primary function of the skill and no sensitive user credentials or system files are accessed or transmitted.
- [REMOTE_CODE_EXECUTION]: Automated scans flagged several instances of piping
curloutput topython3. Detailed analysis confirms these are used to pipe JSON data from trusted APIs into local Python scripts for parsing and formatting. The code being executed is provided locally within the skill's instructions, not downloaded from a remote server. - [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection because it processes and displays descriptions and food names retrieved from third-party databases. If these external records were compromised to include malicious instructions, the agent might inadvertently follow them while processing the data.
Recommendations
- HIGH: Downloads and executes remote code from: https://wger.de/api/v2/exerciseinfo/${EXERCISE_ID}/?format=json, https://wger.de/api/v2/exercise/search/?term=${ENCODED}&language=english&format=json, https://wger.de/api/v2/exercise/?${FILTER}&language=2&status=2&limit=20&format=json - DO NOT USE without thorough review
Audit Metadata