iblai-agent-evals
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Provides instructions and examples for using curl to interact with API endpoints at api.iblai.app for dataset management and experiment execution.- [DATA_EXFILTRATION]: Uses environment variables (IBLAI_API_KEY, IBLAI_ORG, IBLAI_USERNAME) to authenticate requests to the vendor's official API domain (api.iblai.app). This is expected behavior for an API-integrated skill.- [PROMPT_INJECTION]: The skill processes untrusted external data via dataset items, CSV uploads, and chat traces, which represents an indirect prompt injection surface.
- Ingestion points: Dataset item creation (JSON/traces) and CSV upload endpoints in SKILL.md.
- Boundary markers: None explicitly defined in the API interaction instructions.
- Capability inventory: Limited to network requests to the vendor's API; no local file system writes or subprocess execution commands are exposed.
- Sanitization: Not explicitly mentioned in the skill documentation.
Audit Metadata