skills/iblai/vibe/iblai-ops-test/Gen Agent Trust Hub

iblai-ops-test

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute build and test pipelines using pnpm and npx. This includes installing browser binaries and system libraries required for Playwright E2E testing.
  • [EXTERNAL_DOWNLOADS]: Fetches testing reference documentation and brand guidelines from official IBLAI GitHub repositories. These resources are used to validate that the application meets vendor-specific requirements.
  • [COMMAND_EXECUTION]: Dynamically generates and executes a Playwright automation script (e2e/visual-test.ts) that handles user authentication and captures full-page screenshots for visual inspection.
  • [PROMPT_INJECTION]: The requirement to inspect application screenshots for UI defects constitutes an indirect prompt injection surface where text rendered in the UI could attempt to influence the agent.
  • Ingestion points: Screenshots of the application captured during the E2E test phase (SKILL.md).
  • Boundary markers: Absent; there are no instructions to disregard content within the screenshots.
  • Capability inventory: Shell command execution via pnpm and npx (SKILL.md).
  • Sanitization: None; screenshots are analyzed as raw visual input.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 01:38 PM
Security Audit — agent-trust-hub — iblai-ops-test