capacitor-app-upgrade-v7-to-v8
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from local project files, creating a surface for indirect prompt injection. \n
- Ingestion points: Reads package version information from package.json as described in SKILL.md.\n
- Boundary markers: Absent; the skill does not include delimiters or instructions to ignore embedded commands in project files.\n
- Capability inventory: Command execution via npm install and npx cap sync as defined in SKILL.md.\n
- Sanitization: Absent; there is no validation or filtering of the content read from package.json.\n- [COMMAND_EXECUTION]: The skill requires the execution of shell commands such as npm install and npx cap sync to perform the upgrade. These commands are standard for the development lifecycle of a Capacitor project.
Audit Metadata