Security audit

weight-loss-coach

Security checks across malware telemetry and agentic risk

Overview

This is a coherent weight-loss coaching skill, but it should be used only with awareness that it remembers sensitive health and lifestyle details.

Before installing, understand that this skill is designed to remember weight, body metrics, diet logs, exercise habits, goals, and recipe preferences over time. Avoid sharing screenshots with account identifiers or unrelated private information, and check your platform controls for reviewing or deleting remembered health data. Do not treat it as medical advice, especially for medical conditions or eating-disorder concerns.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

High

Confidence: 94% confidence
Finding: The instruction to activate immediately even for ambiguous statements creates consent and context-mismatch risk. Users making casual food-related remarks may be pushed into profiling, calorie analysis, or behavior tracking they did not clearly request, increasing the chance of inappropriate collection and inference of health information.

Vague Triggers

High

Confidence: 94% confidence
Finding: The instruction to activate immediately even for ambiguous statements creates consent and context-mismatch risk. Users making casual food-related remarks may be pushed into profiling, calorie analysis, or behavior tracking they did not clearly request, increasing the chance of inappropriate collection and inference of health information.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill explicitly directs persistent storage of sensitive health-related data such as height, weight, age, sex, goals, activity level, exercise preferences, and historical intake, but does not clearly warn users about retention or obtain informed consent. In a health context, this materially increases privacy risk because the data can reveal body composition, habits, and potentially medical concerns over time.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill instructs use of web search for diet content without a privacy warning or guardrails around query construction. If user-specific preferences, goals, or health-related context are included in search terms or surrounding tool use, sensitive interests or inferred health status may be exposed to third-party services.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal