capacitor-plugin-upgrades
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
npm install,npm run verify,npm run build, andnpm testas part of the upgrade and verification process. These commands run scripts defined by the project author inpackage.json, which could lead to arbitrary code execution if the project being upgraded is malicious. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from the local workspace's
package.jsonfile to determine its upgrade strategy. - Ingestion points: The skill uses a
node -escript to read and parse thepackage.jsonfile from the current working directory. - Boundary markers: No explicit delimiters or instructions to ignore embedded content are used when processing the file data.
- Capability inventory: The skill has the capability to execute shell commands (
npm,npx,find), read files, and perform network operations via package managers. - Sanitization: No sanitization or validation of the ingested
package.jsoncontent is performed before it is used to influence the agent's actions. - [EXTERNAL_DOWNLOADS]: The skill triggers
npm install, which downloads dependencies from the public npm registry based on the definitions in the project's manifest files.
Audit Metadata