iblai-test
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to build the application ('pnpm build'), run unit tests ('pnpm test'), and manage development environments. It also uses 'npx' to install browser dependencies and run Playwright tests.
- [REMOTE_CODE_EXECUTION]: At runtime, the skill writes a custom TypeScript script ('e2e/visual-test.ts') containing authentication and screenshot logic and then executes it using 'npx tsx'. This dynamic generation and execution of code is a form of runtime script execution.
- [CREDENTIALS_UNSAFE]: The instructions direct the agent to ask the user for their account email and password and store them in a local '.env.development' file. While this is a standard practice for configuring end-to-end tests, the handling of raw credentials by the agent is a sensitive operation.
- [EXTERNAL_DOWNLOADS]: The skill references configuration and guidelines from the vendor's GitHub repositories ('iblai/iblai-app-cli' and 'iblai/vibe') and interacts with 'https://login.iblai.app' for authentication. These resources are associated with the vendor's platform functionality.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by instructing the agent to visually inspect and interpret screenshots of the application being developed. This allows data from the rendered pages to potentially influence agent behavior during the 'Review Screenshots' phase.
- Ingestion points: Visual inspection of application screenshots in 'Step 5'.
- Boundary markers: Absent; no specific instructions are provided to differentiate application content from agent instructions.
- Capability inventory: Shell command execution ('pnpm', 'npx'), file system writes, and network access for testing.
- Sanitization: Absent; the agent is instructed to read the raw visual output of the rendered pages.
Audit Metadata