iblai-agent-memory
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill interacts with the vendor's official API domain (api.iblai.app) to manage agent memories. This network activity is documented and aligns with the tool's intended use case as a platform utility.
- [SAFE]: Credentials, specifically the API token, are handled using environment variables ($IBLAI_API_KEY) rather than being hardcoded, which follows standard security best practices for credential management.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it retrieves and processes user-generated memory content from the API. + Ingestion points: Memory content is ingested via the mentor-memories-list and mentor-memories API endpoints. + Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to isolate retrieved memory data from the agent's core instructions. + Capability inventory: The skill includes capabilities to perform network requests and modify or delete data through POST, PATCH, and DELETE API calls. + Sanitization: No explicit sanitization or validation of the memory content retrieved from the platform is mentioned in the skill definition.
Audit Metadata