iblai-component
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill contains instructions for the AI assistant to execute
iblaiCLI commands such asadd,startapp, andupdate-gallery. These commands are essential for the skill's primary purpose of application development and project management within the vendor's ecosystem. - [EXTERNAL_DOWNLOADS]: The skill provides instructions to fetch metadata from
pypi.organdapi.github.comto check for CLI updates. These sources are well-known, trusted registries and service providers. - [REMOTE_CODE_EXECUTION]: The skill includes patterns where JSON metadata from trusted remote sources is piped to a local Python interpreter. However, the execution is limited to a hardcoded, non-malicious script (
python3 -c "...") designed solely for parsing version information from the response data, rather than executing arbitrary remote code.
Audit Metadata