Skills
skills/igniscloud/web-fullstack-workflow/ignis-login/Gen Agent Trust Hub

ignis-login

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides comprehensive documentation and a functional example for integrating IgnisCloud ID authentication into Ignis services.
  • [SAFE]: The implementation demonstrates security best practices, such as utilizing the OAuth2 Authorization Code flow with Proof Key for Code Exchange (PKCE) and state parameters to mitigate CSRF and authorization code injection attacks.
  • [SAFE]: Network operations are restricted to the vendor's official domain (id.igniscloud.dev) for authentication and user information retrieval.
  • [SAFE]: Sensitive information such as Client IDs and Secrets are managed via environment variables rather than being hardcoded in the source code.
  • [SAFE]: The documentation includes explicit security guidance, advising users to remove the test_password provider before deploying to production environments.
  • [SAFE]: The skill processes user profile data (nickname, avatar URL) from a trusted identity provider, which is a standard authentication function without exposure to dangerous capabilities.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 08:18 AM
Security Audit — agent-trust-hub — ignis-login