diet-base

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill initiates the installation of the @xiejiapeng/diet-cli package from the NPM registry if the command is missing. This is a vendor-owned package required for the skill's core functionality.
  • [COMMAND_EXECUTION]: The skill executes shell commands to run the diet CLI, perform SQLite queries via sqlite3, and read local configuration files using cat. These operations are scoped to the application's data directory.
  • [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection by interpolating user-provided diet data into shell commands.
      • Ingestion points: User-supplied food names and quantities in references/message.md.
      • Boundary markers: The skill uses double quotes in its command templates (e.g., --foods "") but does not provide explicit instructions to the agent to escape shell control characters.
      • Capability inventory: The skill uses shell commands, database access, and file reading capabilities across multiple reference files.
      • Sanitization: No explicit sanitization or validation logic is defined in the scripts; the system relies on the agent to correctly format the input strings.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 9, 2026, 12:51 AM