capacitor-plugins
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill is entirely informational, consisting of documentation files (
.md) and metadata. It does not include executable scripts or automation code. - [EXTERNAL_DOWNLOADS]: The skill references a large number of Node.js packages for the Capacitor ecosystem, including official
@capacitor/*packages, vendor@capgo/*packages, and community@nicholasalx/*packages. These are presented as standard installation recommendations for developers and are documented neutrally. - [CREDENTIALS_UNSAFE]: References to API keys (e.g., in
capacitor-google-maps.md) use clearly defined placeholders likeYOUR_API_KEY_HERE. No hardcoded credentials or sensitive tokens were found. - [COMMAND_EXECUTION]: Instructions include standard development commands such as
npm installandnpx cap sync. These are routine operations for Capacitor project management. - [DATA_EXFILTRATION]: No patterns indicative of data exfiltration were found. Network operations mentioned (e.g., in
capacitor-http.mdorcapacitor-file-transfer.md) are part of documented plugin capabilities for application development. - [PROMPT_INJECTION]: The instructional content does not contain attempts to override agent behavior, bypass safety filters, or extract system prompts.
Audit Metadata