iblai-agent-embed
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads a configuration template (iblai.env) from the author's official GitHub repository (iblai/vibe). This is a standard setup procedure and is considered safe as it originates from the official vendor source.
- [COMMAND_EXECUTION]: It performs standard package management operations, including installing and upgrading the vendor's official CLI tools (iblai-app-cli, @iblai/cli) and UI libraries. These commands are necessary for the skill's intended functionality and are executed using standard tools like npm, pnpm, and pip.
- [DATA_EXFILTRATION]: The skill correctly manages sensitive information by instructing users to use environment files (.env.local, iblai.env) for tokens and platform variables. This practice prevents the accidental exposure of secrets in the source code.
- [PROMPT_INJECTION]: It requests a mentorId (agent UUID) from the user to configure the UI components. This is a functional requirement for the skill and does not attempt to bypass agent safety guidelines or override behavior.
Audit Metadata