fitness-nutrition

Provides a comprehensive gym workout planner and nutrition tracker, utilizing free APIs for exercises and food data.

Install this skill

or

42/100

Security score

The fitness-nutrition skill was audited on May 23, 2026 and we found 18 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 114

Template literal with variable interpolation in command context

SourceSKILL.md

114

```bash

medium line 128

Template literal with variable interpolation in command context

SourceSKILL.md

128

```bash

medium line 149

Template literal with variable interpolation in command context

SourceSKILL.md

149

```bash

medium line 168

Template literal with variable interpolation in command context

SourceSKILL.md

168

```bash

medium line 190

Template literal with variable interpolation in command context

SourceSKILL.md

190

```bash

medium line 118

Curl to non-GitHub URL

SourceSKILL.md

118	curl -s "https://wger.de/api/v2/exercise/search/?term=${ENCODED}&language=english&format=json" \

medium line 131

Curl to non-GitHub URL

SourceSKILL.md

131	curl -s "https://wger.de/api/v2/exerciseinfo/${EXERCISE_ID}/?format=json" \

medium line 153

Curl to non-GitHub URL

SourceSKILL.md

153	curl -s "https://wger.de/api/v2/exercise/?${FILTER}&language=2&status=2&limit=20&format=json" \

medium line 173

Curl to non-GitHub URL

SourceSKILL.md

173	curl -s "https://api.nal.usda.gov/fdc/v1/foods/search?api_key=${API_KEY}&query=${ENCODED}&pageSize=5&dataType=Foundation,SR%20Legacy" \

medium line 194

Curl to non-GitHub URL

SourceSKILL.md

194	curl -s "https://api.nal.usda.gov/fdc/v1/food/${FDC_ID}?api_key=${API_KEY}" \

low line 23

External URL reference

SourceSKILL.md

23	help: "Get one free at https://fdc.nal.usda.gov/api-key-signup/ — or skip to use DEMO_KEY with lower rate limits"

low line 35

External URL reference

SourceSKILL.md

35	- wger (https://wger.de/api/v2/) — open exercise database, 690+ exercises with muscles, equipment, images. Public endpoints need zero authentication.

low line 36

External URL reference

SourceSKILL.md

36	- USDA FoodData Central (https://api.nal.usda.gov/fdc/v1/) — US government nutrition database, 380,000+ foods. `DEMO_KEY` works instantly; free signup for higher limits.

low line 118

External URL reference

SourceSKILL.md

118	curl -s "https://wger.de/api/v2/exercise/search/?term=${ENCODED}&language=english&format=json" \

low line 131

External URL reference

SourceSKILL.md

131	curl -s "https://wger.de/api/v2/exerciseinfo/${EXERCISE_ID}/?format=json" \

low line 153

External URL reference

SourceSKILL.md

153	curl -s "https://wger.de/api/v2/exercise/?${FILTER}&language=2&status=2&limit=20&format=json" \

low line 173

External URL reference

SourceSKILL.md

173	curl -s "https://api.nal.usda.gov/fdc/v1/foods/search?api_key=${API_KEY}&query=${ENCODED}&pageSize=5&dataType=Foundation,SR%20Legacy" \

low line 194

External URL reference

SourceSKILL.md

194	curl -s "https://api.nal.usda.gov/fdc/v1/food/${FDC_ID}?api_key=${API_KEY}" \

Scanned on May 23, 2026

View Security Dashboard

Installation guide →

GitHub Stars 185.0K

Rate this skill

Categoryhealthcare

UpdatedJune 10, 2026

health-informatics healthcare

NousResearch/hermes-agent