iblai-chat
Fail
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill performs version checks by fetching JSON data from the official PyPI registry and the vendor's GitHub API, then pipes the output to a Python command for parsing. These operations target well-known services and vendor-owned repositories.
- [COMMAND_EXECUTION]: The skill utilizes command-line tools for project configuration and asset generation, including the installation and execution of the vendor's CLI.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it prompts the user for an 'agent/mentor ID' and uses this input to update environment variables and run CLI commands without describing explicit sanitization or validation steps.
- Ingestion points: User-provided agent/mentor ID in SKILL.md.
- Boundary markers: None identified for the user input.
- Capability inventory: Command execution via
iblai config setand file-write operations to.env.localin SKILL.md. - Sanitization: No sanitization or validation of the input is specified within the skill instructions.
Recommendations
- HIGH: Downloads and executes remote code from: https://pypi.org/pypi/iblai-app-cli/json, https://api.github.com/repos/iblai/iblai-app-cli/releases/latest - DO NOT USE without thorough review
Audit Metadata