capacitor-plugins
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute standard CLI tools for package management and project synchronization, including npm, npx, and pod.
- [EXTERNAL_DOWNLOADS]: The guide includes steps to configure a private npm registry for @capawesome-team, the verified author of the skill.
- [REMOTE_CODE_EXECUTION]: Documentation for the Live Update plugin describes the standard procedure for downloading and applying web asset bundles at runtime, which is a core functionality of the plugin.
- [PROMPT_INJECTION]: The skill instructs the agent to read local project manifest files (e.g., package.json) to automate configuration, creating an indirect prompt injection surface.
  - Ingestion points: Project configuration files (package.json, AndroidManifest.xml, Info.plist).
  - Boundary markers: None.
  - Capability inventory: Package installation and native configuration modification.
  - Sanitization: Relies on default agent safety filters.
- [SAFE]: No malicious patterns, hardcoded secrets, or unauthorized exfiltration attempts were identified. All actions are consistent with the primary purpose of a mobile development assistant.
Audit Metadata