iblai-auth

SUSPICIOUS. The core behavior mostly aligns with an ibl.ai auth-integration skill and uses vendor-aligned endpoints, but it also instructs the agent to read a raw TOKEN from iblai.env and perform authenticated metadata writes, plus suggests installing additional skills. This is not clearly malicious, but it exceeds a minimal local auth setup and carries meaningful credential-handling and supply-chain risk.