swift-mlx-lm
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill provides an interface for interacting with LLMs and VLMs, including support for tool calling, which creates a potential surface for indirect prompt injection. Maliciously crafted input processed by the models could attempt to influence tool execution or agent behavior.
- Ingestion points: Data enters the system via the UserInput struct, processed by ChatSession.respond(to:) and ModelContainer.generate(input:).
- Boundary markers: The system uses model-specific tokenizers to apply chat templates, which provide structural delimiters between system, user, and assistant roles.
- Capability inventory: The skill is capable of performing network requests to Hugging Face for model downloads and writing model weights, configurations, and KV caches to the local file system.
- Sanitization: Tokenizers provide structural formatting for prompts but do not perform semantic analysis or filtering of user-provided content for adversarial instructions.
- [EXTERNAL_DOWNLOADS]: The skill documentation describes and implements the automatic download of model weights and configuration files from Hugging Face (huggingface.co), an established and well-known service for machine learning assets.
Audit Metadata