capawesome-cli
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute various shell commands using
npmand the@capawesome/cliutility for tasks such as app management, native builds, and environment configuration. - [EXTERNAL_DOWNLOADS]: The skill downloads and installs the
@capawesome/clipackage from the public NPM registry, which is the standard distribution channel for this vendor's tooling. - [CREDENTIALS_UNSAFE]: The documentation demonstrates how to handle sensitive information like authentication tokens and certificate passwords using environment variables and secure CI/CD secrets, aligning with security best practices for automated workflows.
- [PROMPT_INJECTION]: The skill manages project-specific settings through a
capawesome.config.jsonfile. While this configuration allows for custom build and dependency installation commands, this behavior is a primary and expected feature of the build tool and relies on the integrity of the project's source repository.
Audit Metadata