Hacker News

longtermop, today at 4:44 PM (1 reply)

Exciting to see Apple making agentic coding first-class. The "Xcode Intelligence" feature that pulls from docs and developer forums is powerful.

One thing I'm curious about: as the agent ingests more external content (documentation, code samples, forum answers), the attack surface for prompt injection expands. Malicious content in a Stack Overflow answer or dependency README could potentially influence generated code.

Does Apple's implementation have any sanitization layer between retrieved content and what gets fed to the model? Or is the assumption that code review catches anything problematic? Seems like an interesting security challenge as these tools go mainstream.


Replies

chasd00, today at 5:04 PM

> Does Apple's implementation have any sanitization layer between retrieved content and what gets fed to the model?

It's been discussed a lot but fundamentally there isn't a way to solve this yet (and it may not be solvable period). I'm sure they've asked their model(s) to not do anything stupid through the system prompt. Remember, prepending and appending text to the user's request to an LLM is all you can do. With an LLM it's only text string in then text string out. That's it.