capacitor-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends several plugins for Capacitor development, specifically from the @capacitor and @capgo scopes. These are legitimate libraries for adding native functionality (biometrics, camera, root detection) to hybrid applications.
- [REMOTE_CODE_EXECUTION]: Provides implementation patterns for 'CapacitorUpdater', which enables Over-The-Air (OTA) updates for web assets. While this involves downloading and executing remote code, it is the primary intended functionality of the Capgo platform and is documented with security best practices such as certificate pinning.
- [DATA_EXFILTRATION]: No evidence of unauthorized data collection. The skill actually promotes security by advising against storing sensitive data in plain text and recommending secure biometric-backed storage instead.
- [PROMPT_INJECTION]: The content is purely instructional and does not contain any attempts to override agent behavior or bypass safety guardrails.
- [COMMAND_EXECUTION]: Contains standard development commands for package management (bun) and Capacitor CLI (cap sync). These are routine operations for the described use case.
Audit Metadata