| name | plugin-integration-audit |
| description | Use when auditing or planning how Codex plugins/connectors should support ERTZU development, deployment, analytics, monitoring, payments, design, or reviews. |
Plugin Integration Audit
When To Use
Use this skill when mapping enabled plugins to ERTZU workflows, checking whether a plugin is connected, deciding which plugin should be used for a task, or preparing production development process docs.
ERTZU-Specific Instructions
- Prefer repository-based analysis when a plugin is unavailable or not connected.
- Do not invent plugin results. State when a plugin was not used or no callable tool was available.
- Match plugins to concrete ERTZU risks: marketplace logic, auth, RLS, payments, deployment, errors, analytics, design quality, and PR review.
- Keep plugin usage additive. Do not make plugin availability a prerequisite for local development.
Files And Areas To Inspect
docs/codex-plugin-strategy.md
AGENTS.md
docs/ai/PROJECT_CONTEXT.md
docs/ai/QUALITY_GATES.md
.github/workflows/supabase-migrations.yml
package.json
.env.example
src/app/api/stripe/route.ts
src/app/api/email/route.ts
supabase/*.sql
Concrete Checks
- Verify GitHub workflow expectations match current branch/PR/CI setup.
- Verify Build Web Apps and browser verification are used for real UI changes.
- Verify Superpowers workflows are used for planning, debugging, TDD, and completion where appropriate.
- Verify Codex Security is applied to auth, payments, RLS, privacy, and secrets reviews.
- Verify Supabase plugin use focuses on Auth, RLS, RPCs, migrations, and Storage.
- Verify Stripe plugin use focuses on PaymentIntents, capture, webhooks, fees, refunds, and payout timing.
- Verify Vercel plugin use focuses on build/deploy/log/env readiness.
- Verify PostHog, Sentry, SendGrid, Cloudinary, Figma, Product Design, and OpenAI Developers are marked as conditional if no repo integration exists.
Mistakes To Avoid
- Do not claim a plugin is connected just because it is listed as enabled.
- Do not replace source inspection with plugin assumptions.
- Do not run production-impacting plugin actions without explicit approval.
- Do not add third-party services to code just because a plugin exists.
- Do not blur Resend and SendGrid; current email code uses Resend.