iblai-vibe-security-cloud-audit
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute administrative commands via cloud provider CLIs (aws,gcloud,az). These commands are standard for auditing IAM configurations, storage bucket permissions, network security groups, and logging settings. - [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external cloud environments (via CLI tool outputs) to generate reports. This represents a potential surface for indirect prompt injection if resource metadata or tags in the audited environment contain malicious instructions.
- Ingestion points: Outputs from
aws,gcloud, andazCLI commands processed by the agent. - Boundary markers: The instructions include explicit scope boundaries to only audit accounts the user has access to.
- Capability inventory: Uses
Bash,Read,Write,Grep, andWebSearchtools. - Sanitization: No specific sanitization of CLI output is defined before prompt interpolation.
Audit Metadata