capacitor-plugin-generator
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard CLI tools to automate the development workflow, including initialization with
@capacitor/create-plugin, dependency installation vianpm install, and platform verification usinggradlewandswift build. - [EXTERNAL_DOWNLOADS]: Fetches configuration and project templates from the ionic-team's official GitHub repositories and established package registries like npm.
- [PROMPT_INJECTION]: The skill processes user-defined requirements via conversational input or the
references/input-contract.mdfile to generate code. It mitigates indirect injection risks by establishing a mandatory evidence chain: - Ingestion points: Reads structured YAML from
references/input-contract.md(Category 8 surface). - Boundary markers: Explicitly defines a schema and validation rules for the input contract in the instructions.
- Capability inventory: Restricts operations to building and local verification of the plugin scaffold using standard development tools.
- Sanitization: Instructs the agent to validate input against the schema and halt if specific blockers or high-complexity hooks are detected in the metadata.
Audit Metadata