capacitor-security
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes
bunxto download and run thecapsecpackage. This is the intended delivery method for the vendor's security tool and is considered safe within the vendor's context.\n- [COMMAND_EXECUTION]: The skill enables the execution of CLI commands to scan the local filesystem for security issues.\n- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection through the processing of untrusted project data.\n - Ingestion points: Project source files and configuration data (SKILL.md).\n
- Boundary markers: Absent.\n
- Capability inventory: File system access and CLI command execution (SKILL.md).\n
- Sanitization: Not present in the documented workflow.
Audit Metadata