Back to skill

Security audit

HealthKit Sync

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only HealthKit sync skill whose sensitive health-data workflows are disclosed and aligned with its stated purpose.

Install this only if you intend to use the healthsync CLI with your own Apple Health data. Verify the external CLI separately, pair only trusted devices on trusted local networks, and treat terminal output, JSON/CSV exports, clipboard QR payloads, and logs as private health information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly shows fetching and exporting highly sensitive health data, including heart rate, sleep, blood pressure, and body metrics, to local files and stdout without any privacy warning, data minimization guidance, or handling precautions. In this context, the commands normalize broad data export and persistence, which can lead to accidental disclosure through shell history, insecure file storage, backups, or sharing.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The testing guide says the skill activates on 'relevant keywords' and provides broad trigger examples, but it does not define exclusion conditions or tighter routing criteria. In an agent system, this can cause accidental activation on loosely related prompts, increasing the chance that the skill injects sensitive architectural and security guidance into unrelated conversations.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The listed activation terms include generic words like 'sync' and 'fetch', which are common across many unrelated workflows. In a skill-loading system, overly broad keywords can cause the wrong skill to activate, exposing detailed operational or security content where it was not intended and degrading trust boundaries between skills.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The architecture explicitly says fetched health samples are formatted and written to stdout, which can expose highly sensitive medical data to terminal history, shell redirection, logs, CI capture, or other local monitoring tools. In a health-data sync context, this increases privacy risk because even correct functionality can leak protected data through secondary channels outside the app's audited storage path.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.