iblai-vibe-monetization
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides several shell command examples for the agent to use when validating the API contract. These include using
curlto fetch an OpenAPI schema,grepfor pattern matching, andpython3oryqfor parsing YAML content. These commands are used for legitimate developer-oriented tasks and do not involve insecure patterns like piping to a shell or executing untrusted scripts. - [EXTERNAL_DOWNLOADS]: The skill references and downloads resources from external sources, specifically documentation and brand guidelines from the vendor's GitHub repository (
raw.githubusercontent.com/iblai/) and a live OpenAPI schema from the vendor's API gateway (api.iblai.app). These resources are used for configuration and validation purposes and originate from the author's own infrastructure. - [SAFE]: The skill follows security best practices, such as instructing the agent to use environment variables for tokens and describing how the backend uses 404 responses instead of 403 to prevent record enumeration. No prompt injection or data exfiltration behaviors were detected.
Audit Metadata