capgo-native-builds
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npx @capgo/cli@latestto fetch the vendor's official command-line tool. This is a standard and expected behavior for a skill designed to work with the vendor's infrastructure. - [COMMAND_EXECUTION]: Instructions guide the agent to execute specific Capgo CLI commands for requesting builds and managing project configuration. These commands are restricted to the tool's intended use cases.
- [CREDENTIALS_UNSAFE]: The skill handles sensitive mobile signing information by directing the agent to use the Capgo CLI's built-in credential management features, emphasizing local storage to maintain security.
Audit Metadata