capacitor-splash-screen
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the installation of
@capacitor/splash-screenand@capacitor/assetsvia bun. These packages originate from the '@capacitor' namespace which is not listed in the Trusted External Sources, making them unverifiable. - COMMAND_EXECUTION (MEDIUM): The command
bunx capacitor-assets generateexecutes code from the@capacitor/assetspackage. Because the package source is unverifiable, this constitutes an execution risk. - DATA_EXFILTRATION (SAFE): No evidence of sensitive file access or unauthorized network requests was found. Network references are limited to documentation and asset fetching for Lottie animations.
- PROMPT_INJECTION (SAFE): No instructions designed to override the agent's system prompt or bypass safety filters were detected.
- INDIRECT PROMPT INJECTION (LOW): The skill processes user-supplied assets (images) and local JSON files for animations. While this is an ingestion point, the capability is limited to UI generation and does not influence the agent's logic or decision-making processes.
Audit Metadata