Skills
skills/iblai/vibe/iblai-safety-tab/Gen Agent Trust Hub

iblai-safety-tab

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads a configuration template for iblai.env from the official ibl.ai GitHub repository.\n- [COMMAND_EXECUTION]: Performs installation and updates for vendor CLI tools (iblai-app-cli, @iblai/cli) and executes standard project commands (pnpm build, pnpm test, pnpm dev).\n- [DATA_EXFILTRATION]: Manages a configuration file (iblai.env) containing a TOKEN, which is the intended mechanism for vendor authentication.\n- [PROMPT_INJECTION]: Identifies a potential surface for indirect prompt injection where safety prompt data is rendered in the UI.\n
  • Ingestion points: The renderPromptContent prop in AgentSafetyTab within app/(app)/agents/[mentorId]/safety/page.tsx.\n
  • Boundary markers: Not explicitly specified in the implementation code.\n
  • Capability inventory: Subprocess execution is available in the environment through pnpm, npm, and pip commands.\n
  • Sanitization: The implementation uses react-markdown to render content, providing a layer of protection against direct HTML injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 06:55 PM