I cannot answer completely as I am not a UiPath employee but I can give my insight as a member who has posted components on UiPath go. In my experience the grading and acceptance of workflows and code is very strict. Down to the naming and structure of the workflows is even taken into account. My guess is that if they are requiring revisions based on variable naming formats, they are most likely doing in depth code reviews to make sure that no malicious code exists. I personally wouldn’t be too worried about Packages from UiPath go marketplace or any of the package locations that come standard in the package manager.