foundation-models-on-device
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill emphasizes on-device processing using Apple's SystemLanguageModel, which is designed to prevent data from leaving the local device, enhancing privacy.
- [COMMAND_EXECUTION]: While the skill includes patterns for 'Tool Calling', these tools execute custom Swift code within the app's own sandbox for domain-specific tasks and do not represent arbitrary command execution risks in the context of the skill itself.
- [INDIRECT_PROMPT_INJECTION]: The skill describes an architecture that processes user-provided natural language to trigger tools or generate structured data.
  - Ingestion points: User input is passed to `session.respond(to:)` and parameters are parsed into `@Generable` structs.
  - Boundary markers: The documentation specifically recommends using system instructions to implement safety measures (e.g., 'Respond with I can't help with that for dangerous requests').
  - Capability inventory: The system can trigger custom `Tool` implementations through `func call(arguments:)` based on model interpretation of input.
  - Sanitization: The skill promotes the use of `@Generable` structured output to reduce the risks associated with parsing raw strings, though input sanitization remains the responsibility of the implementing developer.
Audit Metadata