iblai-component
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches configuration files (
iblai.env) and brand guidelines (BRAND.md) from the official iblai GitHub repository (github.com/iblai/vibe). These operations are used to set up the development environment with vendor-approved defaults. - [COMMAND_EXECUTION]: Utilizes system command-line interfaces including
pnpm,npm,npx, and theiblaiCLI to initialize projects, install dependencies, and manage application features. - [CREDENTIALS_UNSAFE]: References the management of sensitive configuration variables such as
TOKENandANTHROPIC_API_KEY. The skill correctly instructs the agent to handle these via environment variables or local.envfiles rather than exposing them as command-line arguments. - [PROMPT_INJECTION]: The skill utilizes a
--promptargument in theiblai startappcommand which processes natural language descriptions to guide the application scaffolding process. - Ingestion points: The
--promptCLI argument accepts arbitrary user input (found in SKILL.md). - Boundary markers: No explicit delimiters or ignore-instruction warnings are provided in the usage examples.
- Capability inventory: The
iblaiCLI has the capability to write files, modify configurations, and install packages (found in SKILL.md). - Sanitization: Sanitization and validation of the interpolated prompt strings are handled internally by the vendor's CLI tool.
Audit Metadata