swiftdata

Fail

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: HIGHDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructs the agent to access a file in a sensitive local path.
  • Evidence: In inheritance/SKILL.md, the instruction Local captured doc (optional): ~/Downloads/docs/SwiftData-Class-Inheritance.md — read if present; skip silently if absent. encourages the agent to read from the user's private Downloads folder.
  • Risk: Accessing user-specific directories like Downloads allows the agent to read data from a private folder that is typically outside the scope of a software project. This can lead to unauthorized exposure of user data or sensitive information contained in downloaded files.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by reading untrusted local data from an external file.
  • Ingestion points: The file ~/Downloads/docs/SwiftData-Class-Inheritance.md (referenced in inheritance/SKILL.md) serves as an untrusted data source.
  • Boundary markers: Absent. The instructions do not specify any delimiters or warnings to ignore instructions that might be embedded inside the external documentation file.
  • Capability inventory: The skill has access to the Read, Glob, and Grep tools (defined in SKILL.md).
  • Sanitization: Absent. No logic is provided to validate or filter the content of the external file before it is processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 4, 2026, 11:17 PM
Security Audit — agent-trust-hub — swiftdata