Security audit

Fitness Agent

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only fitness coaching skill with no code, install steps, credentials, or hidden data access, though its tone and broad metadata tags deserve user awareness.

Safe to install from a security perspective, but avoid sharing sensitive medical details unless you trust the hosting agent's privacy practices. Treat it as general fitness guidance, not medical advice, and be aware that the persona includes insulting language that some users may find inappropriate.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 93% confidence
Finding: The phrase "fat slob" is insulting and demeaning language embedded in the skill's natural-language description. This kind of hostile wording can violate professionalism or respectful-language policies even though it is not a technical security issue.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal