capacitor-plugins
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches plugin packages from the public npm registry and the official Capawesome registry.
- [EXTERNAL_DOWNLOADS]: The Intune configuration procedure downloads the IntuneMAMConfigurator utility from Microsoft's official GitHub repository.
- [COMMAND_EXECUTION]: Executes standard development commands including npm install, npx cap sync, and pod install to manage project dependencies.
- [COMMAND_EXECUTION]: Executes the IntuneMAMConfigurator binary to apply Microsoft Intune policies to iOS configuration files.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from project files and possesses significant capabilities such as package installation and file modification. Ingestion points: Reads package.json and scans directory structures. Boundary markers: None. Capability inventory: Performs npm install and modifies AndroidManifest.xml and Info.plist. Sanitization: None.
Audit Metadata