isometric-ops

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/check-iso-facts.py includes a live verification mode that fetches package metadata from the official npm registry (registry.npmjs.org). This is used solely to ensure that third-party library references in the documentation remain accurate.
  • [EXTERNAL_DOWNLOADS]: The documentation provides instructions to clone the iso-studio companion application from a GitHub repository owned by the skill's author (github.com/0xDarkMatter/iso-studio).
  • [COMMAND_EXECUTION]: The skill includes Python scripts that use subprocess.run to call curl for registry checks. These commands use hardcoded URLs and are used for advisory consistency checks.
  • [COMMAND_EXECUTION]: The skill provides numerous CLI examples for using tools like uv, node, and blender to process assets. These are documented as standard parts of the asset creation workflow and operate on local files provided within the skill or generated by the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 07:00 PM
Security Audit — agent-trust-hub — isometric-ops