capacitor-app-upgrade-v6-to-v7
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses dynamic context injection to execute a local Node.js script that reads the project's
package.json. This command is hardcoded and used solely to provide the agent with a snapshot of current@capacitor/package versions. This is a benign use of shell execution intended to facilitate the skill's primary purpose of migrating the application, with no access to sensitive system files or network exfiltration. - [SAFE]: While the skill ingests data from the local environment (
package.json), the risk of indirect prompt injection is negligible. The script specifically filters for dependency keys and version strings, preventing arbitrary content from the file from being interpreted as agent instructions.
Audit Metadata