apple-foundation-models
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Metadata Poisoning (MEDIUM): The skill documentation contains deceptive information regarding platform support.
  - Evidence: SKILL.md and references/getting_started.md claim support for 'iOS 26.0+', 'macOS 26.0+', and 'visionOS 26.0+', which are significantly beyond currently existing or announced versions.
- External Downloads (LOW): The script 'references/scripts/scrape_apple_articles.py' performs automated network requests to retrieve documentation from an external source.
  - Evidence: The script uses Playwright to navigate to multiple URLs under 'developer.apple.com' and extract content.
- Indirect Prompt Injection (LOW): The documentation scraper ingests data from external web pages without sanitization, creating a potential vulnerability surface.
  - Ingestion points: 'references/scripts/scrape_apple_articles.py' via 'page.goto' to Apple developer URLs.
  - Boundary markers: None; content is extracted and stored directly in JSON format.
  - Capability inventory: The script has the ability to write to the local file system at 'output/apple_articles_scraped.json'.
  - Sanitization: None; the script extracts 'text_content()' and 'inner_text()' directly from the DOM without validation or filtering.