iblai-vibe-agent-chat
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of several Node.js packages via npm/pnpm. This includes vendor libraries (@iblai/data-layer, @iblai/web-containers, @iblai/web-utils, @iblai/agent-ai, @iblai/iblai-web-mentor) and well-known third-party libraries for UI components, pagination, and real-time communication (livekit-client, @livekit/components-react, react-paginate, @tauri-apps/api).
- [COMMAND_EXECUTION]: Instructions include shell commands for verifying the presence of specific SDK exports within node_modules using grep and installing dependencies using pnpm.
- [DATA_EXFILTRATION]: The skill configures the application to interact with several external endpoints for authentication, data management, and WebSocket communication. All configured domains (iblai.org, iblai.app, iblai.ai) are owned by the vendor. The integration manages sensitive authentication tokens (dm_token, axd token) within the browser's localStorage, which is standard practice for this type of web SDK integration.
Audit Metadata