capacitor-app-upgrade-v5-to-v6
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill employs a dynamic context injection command (!
node -e ...) to read the localpackage.jsonfile. This command specifically filters for@capacitor/packages to provide the AI agent with a snapshot of the current project state. This is a legitimate diagnostic use case and does not involve unauthorized network access or sensitive file exposure. - [COMMAND_EXECUTION]: The skill instructs the agent to use standard development commands including
npm installandnpx cap sync. These commands are standard for the Capacitor ecosystem and are necessary to complete the version migration described in the skill's purpose. - [DATA_EXFILTRATION]: No evidence of data exfiltration was found. The skill does not perform network requests or attempt to access sensitive directories such as
.ssh,.aws, or environment variables. The file access is limited to the project's manifest file to facilitate the upgrade.
Audit Metadata