Skills
skills/cap-go/capacitor-skills/webapp-to-capacitor/Gen Agent Trust Hub

webapp-to-capacitor

Warn

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection to execute shell commands when the skill is loaded. Specifically, it runs a Node.js script to parse package.json for specific dependencies and a find command to locate project configuration files (e.g., capacitor.config.*, Info.plist, AndroidManifest.xml). While these are used for project discovery, they execute automatically without user interaction.
  • [COMMAND_EXECUTION]: The migration procedure instructs the agent to execute various CLI tools such as npx cap sync, npx cap open, and @capgo/cli. These are standard development commands for the Capacitor ecosystem and the author's own platform.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from the local file system (contents of package.json and file paths) and injects it into the agent's context.
  • Ingestion points: Reads package.json via a Node.js one-liner and gathers file paths using find in SKILL.md.
  • Boundary markers: None provided to separate the injected file data from the agent instructions.
  • Capability inventory: The skill encourages the use of shell commands (npx, node) which can be influenced by the discovered project metadata.
  • Sanitization: The Node.js script filters for specific package names but does not sanitize the values (versions or script contents) before they are included in the prompt.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 2, 2026, 12:03 PM