quality-stack
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches research documentation in Markdown format from the author's public GitHub repository (
github.com/joaquimscosta/arkhe-claude-plugins). These documents are used to cross-reference detected tools with industry recommendations and provide setup instructions. - [COMMAND_EXECUTION]: The skill executes local Python scripts included in the
scripts/directory to perform project scanning. Additionally, it provides the agent with instructions to execute standard development commands (e.g.,./gradlew,npm,pnpm,uv) to install and configure tools based on user selection. - [PROMPT_INJECTION]: The skill processes external data from local project files (e.g.,
build.gradle,package.json,pyproject.toml) and remote research documents to determine its actions. - Ingestion points: Local project configuration files and remote Markdown documents fetched via WebFetch.
- Boundary markers: None explicitly defined for separating processed project data from instruction context.
- Capability inventory: File system modification and shell command execution for tool setup.
- Sanitization: Employs manual 'Setup Guards' and post-setup verification commands to ensure generated configurations are valid and functional.
Audit Metadata