cordova-to-capacitor
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes dynamic context injection to execute shell commands at load time. It runs a Node.js script to read `package.json` and filter for migration-related dependencies (Cordova and Capacitor plugins). It also uses the `find` command to locate configuration files like `config.xml` and `capacitor.config.ts`. These operations are used to provide the user with a 'Live Project Snapshot' and are standard development project inspection tasks.
- [COMMAND_EXECUTION]: The instructions provided for the user include standard CLI operations for hybrid app development, such as `npm install`, `npx cap init`, and platform-specific build commands. These are educational in nature and follow best practices for the Capacitor ecosystem.
- [INDIRECT_PROMPT_INJECTION]: The skill has an ingestion surface where it processes data from local project files (package manifests and directory structures). While this allows external data to enter the agent's context, the risk is minimal as the processing is limited to structured parsing for specific dependency names and file paths, with no evidence of instructions being extracted from the untrusted data.
Audit Metadata