coreml
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection exists because the skill handles external data for model inference.
- Ingestion points: External data enters through analyzeSentiment(text:) in references/coreml-swift-integration.md and image/audio prediction methods in SKILL.md.
- Boundary markers: No delimiters or safety instructions are used to separate user data from the model's processing context.
- Capability inventory: The skill allows for local ML model predictions (e.g., classification, detection), which are generally sandboxed by the Core ML framework.
- Sanitization: Input data is not sanitized or filtered for potential malicious instructions before being passed to the model.
Audit Metadata