capacitor-app-development

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The documentation in references/ios-package-managers.md recommends using sudo gem install cocoapods for global package installation. The use of sudo for software installation is a privilege escalation risk.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for downloading and installing numerous third-party packages from NPM and RubyGems, including official Capacitor plugins and community extensions.
  • [PROMPT_INJECTION]: The skill implements an automated project analysis procedure (Cat 8 Indirect Prompt Injection surface).
      • Ingestion points: The agent is instructed to read package.json, capacitor.config.ts, and inspect native directory structures (android/, ios/) to determine the project state.
      • Boundary markers: None. The skill does not define delimiters or warnings to ignore instructions embedded in the project files.
      • Capability inventory: The agent has the capability to execute shell commands (npx cap, npm), modify project files, and navigate the filesystem.
      • Sanitization: There is no instruction to sanitize or validate data (such as version strings or config values) read from the local files before using them to make decisions or formulate commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 09:44 PM