capacitor-plugin-upgrade-v5-to-v6
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to read and process untrusted external data from the user's project files during the upgrade process.
- Ingestion points: Reads project configuration files such as package.json.
- Boundary markers: No explicit delimiters or instructions are provided to distinguish file content from the agent's primary instructions.
- Capability inventory: The skill allows for local file modifications and the execution of package manager commands.
- Sanitization: No sanitization or validation of the input file content is mentioned.
- [EXTERNAL_DOWNLOADS]: The skill directs the user or agent to run npm install, which downloads updated Capacitor dependencies from the well-known npm registry.
Audit Metadata