Back to skill

Security audit

Trainer Buddy Pro

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent fitness coach, but it stores and changes sensitive injury/body-profile data with weak consent, retention, and safety boundaries.

Install only if you are comfortable with the agent storing workout history, body metrics, injuries, and limitations, and review profile changes before allowing them to be saved. Do not run the backup script until it is fixed. Use the optional dashboard or Supabase/cloud mode only after adding authentication, access controls, deletion/retention rules, and clear consent for sensitive fitness data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The skill presents itself as an AI personal trainer that generates tailored workouts, progression plans, and injury-aware guidance while disclaiming that it is not a licensed or certified trainer. That mismatch can create unjustified user trust and encourage reliance on advice that may be unsafe for beginners, injured users, or users with underlying medical conditions.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The prompt says to never prescribe rehabilitation protocols, but later gives injury-specific exercise substitutions, movement restrictions, and ongoing adaptation logic that effectively functions as rehab or quasi-clinical exercise prescription. For users with pain or injury, this can delay proper care or worsen the condition by normalizing self-managed treatment through the skill.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The example starts as conversational coaching but later has the agent unilaterally update the user's Pull day and profile, introducing hidden side effects and persistent state changes. This is dangerous because users may interpret the interaction as informational only, while the agent is shown taking actions that modify plans and stored data without explicit capability disclosure and confirmation at the moment of change.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The root-detection function is malformed and contradicts its own comments about staying within the skill boundary. It includes broken syntax and emits parent-directory paths that can traverse outside the intended skill directory, which can cause backup and cleanup operations to target unintended filesystem locations if the script is repaired or partially interpreted differently than intended.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The manifest explicitly defines storage for health-related and potentially sensitive personal data, including injuries, body metrics, and fitness profiles, but provides no indication of privacy notice, consent, retention limits, or access-control expectations. In a fitness skill, this increases risk of improper handling of sensitive user data and can lead to privacy violations, regulatory exposure, or user harm if the surrounding platform does not enforce safeguards by default.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The example describes adding a note to the user's profile without warning that this is a persistent data modification or explaining retention/visibility implications. In a coaching context, profile notes about physical limitations or pain concerns may be sensitive health-adjacent information, so silently storing them can violate user expectations and privacy norms.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill provides specific exercise prescriptions, weight targets, and progression advice without any screening for injuries, medical limitations, training experience, or current readiness. In a fitness context, omitting basic safety guidance can contribute to overexertion, aggravation of existing conditions, or improper use of equipment, especially when the workout is generated from limited context.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
SKILL.md:20