core-ml

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUM

Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides implementation templates for the runtime compilation and loading of Core ML models. Specifically, patterns.md and templates.md contain code using MLModel.compileModel(at: sourceURL) and MLModel.load(contentsOf: compiledURL). This allows an application to dynamically load and execute model logic fetched from external sources at runtime.
  • [PROMPT_INJECTION]: The skill generates code designed to ingest and process untrusted external data, which is a prerequisite for indirect prompt injection.
    • Ingestion points: TextAnalyzer.swift (text input), ImageClassifier.swift (images), VisionService.swift (images/barcodes), and CameraMLPipeline.swift (camera frames).
    • Boundary markers: The generated templates do not include delimiters or specific instructions to ignore embedded commands within the processed data.
    • Capability inventory: The templates provide the ability to perform ML inference using MLModel.prediction and various Vision framework requests.
    • Sanitization: No input validation or adversarial filtering is implemented in the code to sanitize data before processing.
  • [EXTERNAL_DOWNLOADS]: The ModelUpdater pattern in patterns.md includes logic to download resources from remote URLs using URLSession.shared.download(from: remoteURL), facilitating the retrieval of external model files.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 02:03 PM