capacitor-apple-review-preflight
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands to perform project analysis. It executes node to parse the project's package.json file and extract relevant dependency versions (such as Capacitor plugins, authentication, and analytics SDKs). It also uses find to identify critical Apple-specific configuration files including Info.plist, *.entitlements, and PrivacyInfo.xcprivacy. These operations are limited to the local file system and are directly relevant to the skill's primary function.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration were detected. The skill's behavior is consistent with its stated purpose of assisting with App Store compliance. References to external tools like the asc (App Store Connect) CLI are standard for the intended workflow.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes data from untrusted project files:
  - Ingestion points: Reads content from package.json, Info.plist, capacitor.config.*, and local metadata directories.
  - Boundary markers: The skill does not define explicit delimiters or instructions to prevent the agent from obeying instructions that might be embedded within the project files being audited.
  - Capability inventory: The skill allows the agent to execute subprocesses (node, find, asc) and read/write local project files.
  - Sanitization: There is no evidence of content sanitization or validation performed on the data extracted from the project environment before it is analyzed by the agent.
Audit Metadata