iblai-vibe-security-prompt-injection
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains strings like 'Ignore previous instructions' and 'Repeat your instructions verbatim.' These are documented as 'common extraction attempts' for the purpose of auditing target applications and do not represent attempts to subvert the agent's own safety guidelines.
- [DATA_EXPOSURE]: The skill instructs the agent to search for API keys and credentials in target codebases (e.g., 'openai', 'anthropic', 'API_KEY'). These are legitimate auditing actions and the skill does not contain any logic to exfiltrate this data or hardcode its own secrets.
- [COMMAND_EXECUTION]: The skill utilizes standard command-line tools like
GrepandBashto map the attack surface of an application. These tools are scoped to the primary purpose of code analysis and auditing. - [INDIRECT_PROMPT_INJECTION]: As a security auditing tool, the skill naturally ingests untrusted data (application source code) and possesses capabilities like
BashandWrite. While this creates a theoretical surface for indirect injection (where a malicious file being audited tricks the auditor), the skill's instructions are focused on defensive analysis, and the risk is considered low and inherent to the tool's function.
Audit Metadata