iblai-vibe-monetization

Warn

Audited by Snyk on Jul 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The required workflow fetches the live OpenAPI schema from a public runtime URL (curl ... https://api.iblai.app/dm/api/docs/schema/), which is outsider-authored free text (YAML) that can be read/grepped and thus injected into the agent/LLM context.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill is explicitly built for payments: it names Stripe Connect Express, describes paywalls and Stripe checkout flows, exposes DM API endpoints under /stripe/connect and /api/billing, and documents onboarding, checkout, and subscription/cancellation flows that move money via Stripe. These are specific payment gateway integrations (Stripe Connect), so it grants direct financial execution capability.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 7, 2026, 01:02 PM
Issues
2
Security Audit — snyk — iblai-vibe-monetization