iblai-course-create
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill communicates exclusively with the vendor's own API domain (
api.iblai.app) to manage course creation tasks. - [SAFE]: Sensitive credentials like the API key and username are handled through environment variables (
$IBLAI_API_KEY,$IBLAI_USERNAME), which is a secure practice that prevents the exposure of secrets. - [SAFE]: The skill includes explicit instructions for the agent to confirm with the user before performing destructive actions, such as deleting tasks or course records.
- [SAFE]: The skill ingests data from external API endpoints (e.g., course outlines and full structures). While this creates a surface for Indirect Prompt Injection if the source content were malicious, it is the intended primary purpose of the skill and does not represent an immediate security risk.
Audit Metadata