iblai-vibe-agent-chat-sidebar
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No evidence of instructions designed to override agent behavior, bypass safety guardrails, or extract system prompts was found.
- [DATA_EXFILTRATION]: The code utilizes standard frontend mechanisms such as
localStorageto manage tenant keys and session state. While it handles authentication tokens (e.g.,axdToken) via hooks, there is no evidence of these secrets being hardcoded or exfiltrated to unauthorized external domains. All external references point to the vendor's official GitHub repository. - [REMOTE_CODE_EXECUTION]: No patterns of remote script execution (such as
curl | bash) or dynamic code execution (eval,exec) were detected. The skill provides shell commands for copying local assets, which is a standard setup procedure. - [COMMAND_EXECUTION]: The documented shell commands are restricted to local file operations (
mkdir,cp) intended for asset management during setup and do not pose a security risk. - [EXTERNAL_DOWNLOADS]: The skill references image assets and documentation from the vendor's own GitHub organization (
iblai). These are considered safe vendor resources. - [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or private credentials were found. Authentication tokens are managed dynamically through the vendor's SDK hooks.
- [OBFUSCATION]: No obfuscated code, hidden URLs, or suspicious character encoding techniques were identified.
Audit Metadata