skills/iblai/vibe/iblai-local-llm/Gen Agent Trust Hub

iblai-local-llm

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation describes procedures for downloading the Ollama service installer from its official domain (ollama.com) and the Rust toolchain from rustup.rs. These are well-known services and the references are consistent with the skill's stated purpose.
  • [COMMAND_EXECUTION]: The contract includes the implementation of system commands such as nvidia-smi for GPU memory detection and sysinfo for RAM monitoring. It also discusses the execution of installation scripts for service setup.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion and processing of user-provided chat messages for local inference, representing an indirect prompt injection surface. 1. Ingestion points: Messages are ingested through the ollama_chat and ollama_chat_stream commands defined in references/tauri-commands.md. 2. Boundary markers: No specific boundary markers are defined in the communication contract. 3. Capability inventory: The skill requires capabilities for file system writes (model storage), network access (local daemon API), and subprocess execution (hardware probes and installers) as detailed in SKILL.md and references/tauri-commands.md. 4. Sanitization: No explicit sanitization or filtering logic is specified in the provided contract files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 03:47 PM
Security Audit — agent-trust-hub — iblai-local-llm