Healthy Eating

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only healthy eating skill whose meal logging and nutrition guidance are coherent with its purpose, with the main caution being private diet and wellness data.

Before installing, consider that meal logs and notes about how you feel can be private. Keep any stored logs local and avoid entering medical, allergy, eating-disorder, or other sensitive health details unless you are comfortable retaining them; use a qualified professional for medical or nutrition treatment advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrases are broad, natural-language terms that are likely to appear in ordinary conversation, which can cause the skill to activate unintentionally. In an agent environment, accidental invocation can hijack user intent, interfere with routing to other skills, and expose meal or health-related inputs to a skill the user did not explicitly mean to invoke.

Shadow Command Trigger

Medium

Category: Trigger Abuse
Confidence: 83% confidence
Finding: The trigger 'log meal' begins with the built-in verb 'log', creating a shadow-command conflict with a likely core command namespace. This can cause ambiguous parsing or command interception, leading to the wrong handler processing user input and reducing trust and predictability in the agent's command system.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal