- safe_primitive(?Goal) is nondet[multifile, library(sandbox)]
- True if Goal is safe to call (i.e., cannot access dangerous
system-resources and cannot upset other parts of the Prolog
process). There are two types of facts. ISO built-ins are
declared without a module prefix. This is safe because it is not
allowed to (re-)define these primitives (i.e., give them an
unsafe implementation) and the way around
(redefine_system_predicate/1) is unsafe. The other group are
module-qualified and only match if the system infers that the
predicate is imported from the given module.