ashby
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
ashbyCLI tool to perform recruitment-related tasks. This is the primary and intended mechanism of the skill. - [EXTERNAL_DOWNLOADS]: The instructions recommend using
npx -y ashby-cli, which downloads the package from the official npm registry. This is a standard practice for Node.js-based tools and does not involve untrusted sources. - [CREDENTIALS_UNSAFE]: The skill handles Ashby API keys. It provides an
auth setupworkflow that saves the key to~/.config/ashby/config.json. The implementation correctly uses restrictive file permissions (mode 0600) to ensure the secret is only readable by the owner, following security best practices for CLI configuration management.
Audit Metadata