matrixscan-ar-cordova
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, such as hardcoded credentials, unauthorized network exfiltration, or obfuscated code, were found in the skill files. All external links point to official documentation (docs.scandit.com) or vendor-owned repositories (github.com/Scandit).
- [PROMPT_INJECTION]: The skill processes user-supplied JavaScript and TypeScript source files to facilitate API migrations and integrations. This creates a surface for indirect prompt injection where malicious instructions embedded in a project's source code could potentially influence the agent's behavior. This is an inherent risk factor for coding assistant skills.
- Ingestion points: Processes application source code files (e.g.,
EmptyApp.js,MigrationSimpleSample.js) provided by the user. - Boundary markers: There are no explicit instructions or delimiters used to isolate or ignore potential natural language instructions within the processed code.
- Capability inventory: The skill is authorized to use file-editing tools to apply code changes to the user's project.
- Sanitization: No specific sanitization or validation of the input source code is defined.
Audit Metadata