skills/iblai/vibe/iblai-design/Gen Agent Trust Hub

iblai-design

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx impeccable in its allowed tools, which downloads and executes an external package from the npm registry at runtime.
  • [REMOTE_CODE_EXECUTION]: The script live-server.mjs initializes a local HTTP server on the host machine to facilitate browser-agent communication and uses spawn to manage detached background processes.
  • [REMOTE_CODE_EXECUTION]: live-poll.mjs dynamically executes other Node.js scripts within the skill's directory using execFileSync to handle browser-triggered events.
  • [COMMAND_EXECUTION]: The script pin.mjs programmatically modifies the AI agent's internal configuration by creating new subdirectories and SKILL.md files within harness-specific skill folders (e.g., .claude/skills/).
  • [COMMAND_EXECUTION]: cleanup-deprecated.mjs performs automated directory and file deletions within the agent's skill environment based on heuristic content checks of SKILL.md files.
  • [COMMAND_EXECUTION]: Multiple scripts, including live-inject.mjs and live-wrap.mjs, perform automated modifications of the user's project source files (HTML, JSX, TSX, etc.) to inject script tags and UI wrappers.
  • [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection:
  • Ingestion points: load-context.mjs reads content from untrusted project files like PRODUCT.md and DESIGN.md.
  • Boundary markers: Absent; the content of these files is used to guide design decisions without clear delimiters.
  • Capability inventory: The skill has access to shell execution (Bash) and extensive file write capabilities across the project and agent environment.
  • Sanitization: No validation or sanitization of the markdown content from context files was observed before it influences agent behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 01:38 PM
Security Audit — agent-trust-hub — iblai-design