mlx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill documents processes that ingest untrusted data from training files and user prompts, creating an attack surface for indirect injection. Evidence: (1) Ingestion points:
train.jsonlfiles and user prompts. (2) Boundary markers: Recommendsapply_chat_templatefor instruction delimiting. (3) Capability inventory: Supports inference, fine-tuning, and API hosting. (4) Sanitization: Relies on chat templates for input isolation. - External Downloads (SAFE): The skill references standard installations via pip (mlx-lm) and model downloads from Hugging Face, both of which are trusted industry sources.
- Command Execution (SAFE): The skill provides numerous examples of MLX CLI commands which are necessary for the skill's documented purpose and show no malicious intent.
Audit Metadata