Skills
skills/cap-go/capacitor-skills/capacitor-app-upgrade-v6-to-v7/Gen Agent Trust Hub

capacitor-app-upgrade-v6-to-v7

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DYNAMIC_CONTEXT_INJECTION]: The skill utilizes the dynamic context feature (!) in SKILL.md to execute a local Node.js command when the skill is loaded. This command introspects the project's package.json file to identify existing Capacitor dependencies and their versions. This is a legitimate use of project-specific tooling to provide immediate context to the agent.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests external data from the project environment, which introduces a potential surface for instructions embedded in that data to influence agent behavior.
  • Ingestion points: The project's package.json file, which is read and parsed by a Node.js script executed at load time in SKILL.md.
  • Boundary markers: Absent. The output of the package-scanning script is injected directly into the skill context without delimiters or instructions to ignore embedded content.
  • Capability inventory: The skill context includes instructions for native project updates and is configured with Bash tool access (specifically node -e) via the allowed-tools frontmatter.
  • Sanitization: None. The package names and version strings extracted from package.json are not validated or sanitized before being placed into the prompt context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 10:41 AM