Skills
skills/mikolajkopec/arc-skill/arc-framework/Gen Agent Trust Hub

arc-framework

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The documentation instructs users to install and use packages from the @arcote.tech scope (e.g., @arcote.tech/arc-cli, @arcote.tech/arc-host, @arcote.tech/arc). This scope is not included in the pre-defined list of trusted GitHub organizations or repositories.
  • COMMAND_EXECUTION (LOW): The skill utilizes bunx to execute CLI commands such as arc dev and arc build. While standard for development tools, these commands execute logic from external, untrusted packages.
  • CREDENTIALS_UNSAFE (MEDIUM): In references/host-server.md, the documentation explicitly states that if the JWT_SECRET environment variable is not set, the host server 'uses a hardcoded fallback secret'. Using hardcoded secrets for authentication is a significant security risk that can lead to unauthorized access if production environments are misconfigured.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:44 PM