iblai-vibe-monetization

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides several shell command examples for the agent to use when validating the API contract. These include using curl to fetch an OpenAPI schema, grep for pattern matching, and python3 or yq for parsing YAML content. These commands are used for legitimate developer-oriented tasks and do not involve insecure patterns like piping to a shell or executing untrusted scripts.
  • [EXTERNAL_DOWNLOADS]: The skill references and downloads resources from external sources, specifically documentation and brand guidelines from the vendor's GitHub repository (raw.githubusercontent.com/iblai/) and a live OpenAPI schema from the vendor's API gateway (api.iblai.app). These resources are used for configuration and validation purposes and originate from the author's own infrastructure.
  • [SAFE]: The skill follows security best practices, such as instructing the agent to use environment variables for tokens and describing how the backend uses 404 responses instead of 403 to prevent record enumeration. No prompt injection or data exfiltration behaviors were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 01:01 PM
Security Audit — agent-trust-hub — iblai-vibe-monetization