ionic-enterprise-sdk-migration
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configures the agent to use a private npm registry at https://npm.registry.capawesome.io and installs packages under the @capawesome-team scope. These are official vendor resources necessary for the migration process.
- [COMMAND_EXECUTION]: The skill executes development commands including npm install, npm uninstall, npx cap sync, and grep for project analysis and dependency management. These actions are aligned with the skill's primary purpose.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it reads and analyzes external data from project files such as package.json and various source code files.
- Ingestion points: Reads package.json and performs recursive grep searches on .ts, .tsx, .js, and .jsx files within the project directory.
- Boundary markers: None identified; the skill does not explicitly instruct the agent to ignore potentially malicious content within these files.
- Capability inventory: The agent can perform package management operations (install/uninstall) and project synchronization based on the results of the file scans.
- Sanitization: No sanitization or validation of the content retrieved from the local files is specified.
Audit Metadata