iblai-vibe-monetization-analytics

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches branding assets, environment templates, and documentation from the author's official GitHub repository (github.com/iblai/vibe). These are trusted resources used for project configuration.
  • [EXTERNAL_DOWNLOADS]: Downloads an OpenAPI schema from the vendor's API (api.iblai.app) to validate endpoint paths and methods. While the automated scanner flagged this as a potential remote code execution risk, the analysis shows the file is used for text processing (grep) to verify API structure, not executed as code.
  • [COMMAND_EXECUTION]: Includes instructions to maintain the development environment using standard package managers, such as upgrading the vendor CLI via pip and npm, and running local development tasks with pnpm and npx playwright.
  • [PROMPT_INJECTION]: The skill uses instructional language like 'Important' and 'You MUST', but these are used for project alignment and workflow verification rather than attempting to bypass safety guardrails or override system instructions.
  • [INDIRECT_PROMPT_INJECTION]: The agent is instructed to ingest a live OpenAPI schema to guide code generation. While this creates a dependency on external data, the source is the vendor's authenticated API, and the data is used to ensure compatibility with the platform's own services.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 01:01 PM
Security Audit — agent-trust-hub — iblai-vibe-monetization-analytics