Skills
skills/scandit/scandit-sdk-skills/label-capture-cordova/Gen Agent Trust Hub

label-capture-cordova

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues were detected. The skill follows its stated purpose of assisting with Scandit SDK integration for Cordova.
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent and users to official Scandit documentation and code samples hosted on docs.scandit.com and github.com/Scandit. These are legitimate vendor-controlled resources.
  • [DATA_EXFILTRATION]: The skill uses explicit placeholders (-- ENTER YOUR SCANDIT LICENSE KEY HERE --) for license keys in all code examples, ensuring that users are prompted to provide their own credentials securely rather than hardcoding them.
  • [COMMAND_EXECUTION]: The skill provides instructions for standard Cordova and native development commands (e.g., cordova plugin add, pod install). These are necessary for the development workflow and are presented transparently to the user.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests user project files such as config.xml and JavaScript source code to provide context-aware migration and integration advice. This represents a functional surface for processing untrusted data, but no exploitable patterns or lack of sanitization were observed in the skill's instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 04:09 PM