capacitor-plugin-upgrade-v7-to-v8
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by reading local configuration files.
- Ingestion points: Reads project
package.jsonto identify dependency ranges. - Boundary markers: No delimiters are used to isolate data from agent instructions.
- Capability inventory: Performs
npm installand native file modifications. - Sanitization: No verification of the data read from project files is performed.
- [EXTERNAL_DOWNLOADS]: The skill updates project dependencies by running
npm installto fetch packages from the npm registry.
Audit Metadata