ashby
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts exclusively with the official Ashby API (api.ashbyhq.com). No unauthorized external network calls were found.
- [SAFE]: Authentication management is handled securely. API keys are stored in a local configuration file with restrictive permissions (chmod 0600) and are redacted in human-readable terminal output to prevent accidental exposure.
- [SAFE]: The tool has a narrow functional scope focused on recruiting workflows. It lacks dangerous capabilities such as arbitrary shell command execution, dynamic code evaluation, or persistence mechanisms.
- [SAFE]: Prompt instructions in SKILL.md and README.md are operational and do not attempt to bypass agent safety filters or override system instructions.
- [SAFE]: All dependencies listed in package.json are well-known, standard libraries (e.g., commander, typescript) and are used for their intended purposes.
Audit Metadata