Critical-risk tools in Fitbit Googlehealth
7 of the 29 tools in Fitbit Googlehealth are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_activity_logDestructiveRemove a previously logged exercise by its logId (from log_activity output or from get_exercise_list[].logId).
-
delete_body_fat_logDestructiveRemove a previously logged body-fat entry by its logId (from log_body_fat output or from get_body_log.fat[].logId).
-
delete_food_logDestructiveRemove a previously logged food entry by its logId (from log_food or log_meal_photo output). Use this to undo a mistake.
-
delete_meal_presetDestructiveRemove a saved meal preset by name. Prior log entries are NOT affected.
-
delete_sleep_logDestructiveRemove a previously logged sleep entry by its logId (from log_sleep output or from get_sleep[].logId).
-
delete_water_logDestructiveRemove a previously logged water entry by its logId (from log_water output or from get_food_log.water.water[].logId).
-
delete_weight_logDestructiveRemove a previously logged weight entry by its logId (from log_weight output or from get_body_log.weight[].logId). Use this to undo a mis-typed or test reading.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.