iblai-catalog-invitations
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: Uses environment variables ($IBLAI_API_KEY) for authentication instead of hardcoded secrets.\n- [SAFE]: Restricts communication to the official vendor domain (api.iblai.app), which is the legitimate backend for the skill.\n- [SAFE]: Implements human-in-the-loop verification by requiring confirmation before performing destructive operations or sending invitations.\n- [PROMPT_INJECTION]: Potential surface for indirect prompt injection when processing external API data.\n
- Ingestion points: Data retrieved from https://api.iblai.app/dm/api/catalog/ (SKILL.md).\n
- Boundary markers: None present; no instructions provided to distinguish between data and commands in API responses.\n
- Capability inventory: Network-based management operations including invitation creation, license assignment, and access request approval (SKILL.md).\n
- Sanitization: No explicit sanitization or validation of API content is described in the skill instructions.
Audit Metadata