Skills
skills/cap-go/capgo-skills/capacitor-app-upgrades/Gen Agent Trust Hub

capacitor-app-upgrades

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection (the !command syntax) in SKILL.md to execute node -e and find at load time. These commands are used exclusively to gather project metadata, such as Capacitor package versions and configuration paths, ensuring the agent starts with an accurate snapshot of the environment.
  • [DATA_EXPOSURE]: The skill reads the project's package.json file. This operation is limited to extracting version strings for official Capacitor dependencies and does not involve accessing sensitive user data, credentials, or environment variables.
  • [SAFE]: The skill includes an allowed-tools configuration that restricts the use of the Bash tool to only the specific commands needed for its operation (node -e and find), demonstrating adherence to the principle of least privilege.
Audit Metadata
Risk Level
SAFE
Analyzed
May 1, 2026, 05:16 PM