iblai-vibe-monetization-analytics
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches branding assets, environment templates, and documentation from the author's official GitHub repository (
github.com/iblai/vibe). These are trusted resources used for project configuration. - [EXTERNAL_DOWNLOADS]: Downloads an OpenAPI schema from the vendor's API (
api.iblai.app) to validate endpoint paths and methods. While the automated scanner flagged this as a potential remote code execution risk, the analysis shows the file is used for text processing (grep) to verify API structure, not executed as code. - [COMMAND_EXECUTION]: Includes instructions to maintain the development environment using standard package managers, such as upgrading the vendor CLI via
pipandnpm, and running local development tasks withpnpmandnpx playwright. - [PROMPT_INJECTION]: The skill uses instructional language like 'Important' and 'You MUST', but these are used for project alignment and workflow verification rather than attempting to bypass safety guardrails or override system instructions.
- [INDIRECT_PROMPT_INJECTION]: The agent is instructed to ingest a live OpenAPI schema to guide code generation. While this creates a dependency on external data, the source is the vendor's authenticated API, and the data is used to ensure compatibility with the platform's own services.
Audit Metadata