capacitor-plugin-upgrades
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands, including 'npm install', 'npx cap sync', 'npm run verify', 'npm run build', and 'npm test'. These commands are necessary for the skill's primary purpose of upgrading and verifying plugins.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it ingests untrusted data from local project files that can influence its behavior.
- Ingestion points: Reads dependency versions and script definitions from the 'package.json' file in the local workspace (SKILL.md Step 1 and Step 4).
- Boundary markers: No delimiters or specific instructions are provided to the agent to distinguish between its own logic and instructions that might be embedded within the project files.
- Capability inventory: The skill has the capability to execute subprocesses via the 'npm' and 'npx' command-line tools across multiple files.
- Sanitization: There is no evidence of validation or sanitization of the script names or version strings extracted from 'package.json' before they are used in command execution.
Audit Metadata