capawesome-cloud
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates standard mobile development workflows including building, signing, and deploying iOS and Android applications. All sensitive credential handling (certificates, API keys, and tokens) uses placeholders for user input or environment variables, adhering to secure development practices.
- [EXTERNAL_DOWNLOADS]: The instructions reference the vendor's own CLI tool (@capawesome/cli) and a common community tool for App Store Connect (asc). These are standard utilities in the Capacitor ecosystem for managing cloud builds and store submissions.
- [COMMAND_EXECUTION]: The skill guides the user through various shell commands for project initialization, build triggering, and certificate management. These commands are executed locally by the developer or within a controlled CI/CD environment.
- [PROMPT_INJECTION]: The skill processes project configuration files (e.g., package.json, capacitor.config.ts) which could serve as a surface for indirect prompt injection. However, the instructions focus on standard build scripts and plugin configurations, and no attempts to bypass agent safety filters were identified.
Audit Metadata