foundation-models-app-builder

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill provides numerous Swift code recipes that are vulnerable to indirect prompt injection by interpolating untrusted user data directly into model prompts without sanitization or boundary markers.\n
  • Ingestion points: User-provided strings such as notes in references/architecture.md, text from receipts in references/dynamic-schemas.md, metricText in references/healthkit.md, and retrieved document chunks in references/rag.md.\n
  • Boundary markers: Examples consistently use simple string interpolation (e.g., Prompt("Extract... \(text)")) without delimiters like XML tags or triple quotes, or specific instructions for the model to ignore embedded commands.\n
  • Capability inventory: The recipes demonstrate capabilities including model response generation and app-integrated tool calling (e.g., calculator, reminders).\n
  • Sanitization: There is no evidence of input validation, escaping, or filtering of the interpolated content in the provided Swift snippets.\n- [COMMAND_EXECUTION]: references/common-errors.md includes local build and test commands (xcodebuild, swift test) intended for use in the developer's project environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 05:29 PM
Security Audit — agent-trust-hub — foundation-models-app-builder