capacitor-plugin-development
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill follows established Capacitor and mobile development best practices. All external resources and commands are aligned with the stated goal of plugin development.
- [EXTERNAL_DOWNLOADS]: Orchestrates the download of the official Capacitor plugin generator (@capacitor/plugin) and standard dependencies via the npm registry. These are well-known resources from a trusted ecosystem.
- [COMMAND_EXECUTION]: Guides the user through standard development lifecycle commands, including 'npm run build', 'npm run verify', and 'npx cap sync', to ensure project integrity across Web, iOS, and Android platforms.
- [DATA_EXFILTRATION]: Includes instructions for publishing the completed plugin source code to the public npm registry. This is the intended behavior for the distribution phase of plugin development.
- [PROMPT_INJECTION]: Represents an indirect prompt injection surface as it processes user-provided specifications into implementation code. Ingestion points: user-defined method names and descriptions in SKILL.md (Steps 2 and 3). Boundary markers: Markdown code blocks and headers are present. Capability inventory: Subprocess calls via npm and shell. Sanitization: Absent, as is typical for development-oriented code generation assistants.
Audit Metadata