swiftdata
Fail
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: HIGHDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to access a file in a sensitive local path.
- Evidence: In
inheritance/SKILL.md, the instructionLocal captured doc (optional): ~/Downloads/docs/SwiftData-Class-Inheritance.md — read if present; skip silently if absent.encourages the agent to read from the user's private Downloads folder. - Risk: Accessing user-specific directories like Downloads allows the agent to read data from a private folder that is typically outside the scope of a software project. This can lead to unauthorized exposure of user data or sensitive information contained in downloaded files.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by reading untrusted local data from an external file.
- Ingestion points: The file
~/Downloads/docs/SwiftData-Class-Inheritance.md(referenced ininheritance/SKILL.md) serves as an untrusted data source. - Boundary markers: Absent. The instructions do not specify any delimiters or warnings to ignore instructions that might be embedded inside the external documentation file.
- Capability inventory: The skill has access to the
Read,Glob, andGreptools (defined inSKILL.md). - Sanitization: Absent. No logic is provided to validate or filter the content of the external file before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata