iblai-credentials
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes data from external API responses, creating a surface for indirect prompt injection.\n
- Ingestion points: Data retrieved from multiple endpoints at
https://api.iblai.app/dm(SKILL.md).\n - Boundary markers: The instructions do not define specific delimiters or data-handling constraints to protect the agent from instructions potentially embedded in the API data.\n
- Capability inventory: The skill possesses significant write and delete capabilities, including creating credentials, managing user assignments, and configuring external issuing providers (SKILL.md).\n
- Sanitization: There is no mention of data validation or sanitization protocols for the content fetched from the API.
Audit Metadata