iblai-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill follows established patterns for component integration and developer tooling.
- [EXTERNAL_DOWNLOADS]: The skill fetches metadata from PyPI, NPM, and GitHub to check for the latest versions of the vendor's CLI tools. These operations target official, well-known registries and are used solely for version verification.
- [COMMAND_EXECUTION]: Commands identified by automated scans as potentially risky are benign data parsing operations. Specifically, piping JSON metadata from
curlto apython3 -cone-liner is used to extract version strings from the response data, rather than executing remote scripts. - [COMMAND_EXECUTION]: standard build and test commands like
npm run build,npm run dev, andnpx playwrightare used for project verification.
Audit Metadata