iblai-vibe-agent-chat
Fail
Audited by Snyk on Jul 7, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask the user for their agent/mentor UUID and to write it directly into .env.local (embedding user-provided secret/identifier verbatim into generated file output), which requires the LLM to handle and output a secret-like value directly.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). This code deliberately sends the host page's entire localStorage (including auth tokens) to a third-party iframe/hosted mentor UI via postMessage and calls redirectToAuthSPA to deliver credentials, which constitutes intentional credential exposure/data exfiltration risk.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The legacy chat widget dynamically imports @iblai/iblai-web-mentor and imperatively creates a element that loads an external iframe at https://mentorai.iblai.app (mentorai.{domain}) and receives auth tokens via postMessage, so remote code/content is fetched and executed at runtime (assets/chat-widget.tsx.j2 lines 6-8, 55, 116-126, 130-141; SKILL.md lines 118-119).
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata