capacitor-live-update
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill exclusively uses official vendor resources from the 'capawesome-team'. All NPM packages (@capawesome/cli, @capawesome/capacitor-live-update) and API domains (cloud.capawesome.io) are verified assets belonging to the author.
- [SAFE]: Authentication practices are secure. The skill correctly instructs users to use token-based authentication with repository secrets (e.g., GitHub Secrets, GitLab CI/CD variables) for automated workflows instead of hardcoding sensitive credentials.
- [SAFE]: No obfuscation, prompt injection, or malicious persistence mechanisms were detected. The instructions for testing and implementation are transparent and follow standard mobile development workflows.
- [SAFE]: Indirect prompt injection risks are minimal. While the skill interpolates user-provided data (such as App IDs or version codes) into CLI commands, these inputs are well-defined and processed within the context of the vendor's own command-line interface tool.
Audit Metadata