Back to skill

Security audit

Healthy Eating

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only healthy eating skill with local meal and nutrition tracking guidance, and no executable or hidden high-impact behavior.

Before installing, consider that meal logs and notes about how you feel can be private health-adjacent information. Keep stored logs local, avoid entering highly sensitive medical or eating-disorder details unless you are comfortable retaining them, and treat suggestions as general wellness support rather than professional medical advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger set includes very broad, common-language phrases such as 'healthy eating', 'nutrition check', and 'food choices', which can cause the skill to activate unintentionally during ordinary conversation. This creates a shadowing and misrouting risk where user input may be captured by this skill instead of a more appropriate or higher-priority command, reducing reliability and potentially exposing user-provided dietary information in the wrong context.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
89% confidence
Finding
The trigger phrase 'log meal' conflicts with the built-in verb 'log', creating a shadow-command condition where this skill may intercept commands intended for core logging functionality. Because meal logging is a plausible frequent action, the overlap increases the chance of command confusion, unintended execution, or diversion of user input into this skill.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.