core-data-expert
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill content is purely educational, consisting of markdown documentation and Swift code snippets for implementing Core Data stacks, migrations, and performance optimizations. No execution of arbitrary system commands or unauthorized network activity was detected.
- [EXTERNAL_DOWNLOADS]: The documentation references external resources such as Apple's official WWDC videos and the community-maintained GitHub repository
github.com/avanderlee/CoreDataBestPractices. These are well-known, trusted resources within the developer community and do not represent a supply-chain risk. - [INDIRECT_PROMPT_INJECTION]: The skill includes a 'Project Audit' checklist (
references/project-audit.md) that encourages the agent to read local project files, such as data model XML and source code. This represents an attack surface where untrusted data (if a project file were maliciously crafted) could influence the agent's behavior. However, the skill does not grant the agent dangerous capabilities (like network exfiltration or direct shell execution) that would make this surface critical. - Ingestion points: Local developer files including
*.xcdatamodeld, model XML, and Swift source files. - Boundary markers: None explicitly defined within the skill instructions.
- Capability inventory: Code analysis and recommendation; no system-level write access, network operations, or subprocess executions are provided in the skill scripts.
- Sanitization: Not applicable as the skill primarily guides the agent's reasoning about structured code.
Audit Metadata