iblai-vibe-security-owasp-audit
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute local security auditing utilities such asnpm auditandpip auditon the target codebase. This is a standard and expected operation for a security tool. - [DATA_EXPOSURE]: The instructions direct the agent to search for sensitive information including hardcoded credentials, API keys, and private keys using
Grep. This data is collected specifically for inclusion in the security report provided to the user and there is no evidence of external exfiltration. - [INDIRECT_PROMPT_INJECTION]: As the skill is designed to read and analyze untrusted source code, it possesses an inherent attack surface for indirect prompt injection. However, the risk is mitigated by explicit instructions to refuse requests for creating backdoors, weakening security controls, or writing exploits. The skill focuses on detection and remediation of vulnerabilities.
Audit Metadata