iblai-vibe-security-dependency-audit

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill analyzes untrusted project manifests and code, which is a surface for indirect prompt injection.\n
  • Ingestion points: Reads dependency manifests (e.g., package.json, requirements.txt) and source code for manual auditing.\n
  • Boundary markers: The skill does not define specific delimiters for separating user-provided data from instructions.\n
  • Capability inventory: Has access to Bash, WebSearch, and file system tools for deep project analysis.\n
  • Sanitization: No explicit data sanitization or filtering is described.\n- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run local auditing commands such as npm audit, pip-audit, safety, and trivy to analyze project dependencies.\n- [EXTERNAL_DOWNLOADS]: The security auditing tools used by the skill connect to well-known registries and vulnerability databases to fetch advisory information.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 01:01 PM
Security Audit — agent-trust-hub — iblai-vibe-security-dependency-audit