matrixscan-count-cordova
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, such as data exfiltration, credential harvesting, or unauthorized persistence, were detected. The skill is focused on providing technical guidance for the Scandit SDK.
- [PROMPT_INJECTION]: The skill contains instructions designed to prioritize provided documentation over training data to ensure API accuracy. This is a functional steer for reliability and does not constitute a malicious attempt to override safety protocols.
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install official Scandit Cordova plugins (@scandit-cordova-datacapture-core and @scandit-cordova-datacapture-barcode). These are legitimate resources from the verified author.
- [SAFE]: The skill possesses an indirect prompt injection surface as it is designed to read, analyze, and modify user-provided code files. This behavior is the primary intended purpose of the development assistant and does not indicate a malicious configuration.
- Ingestion points: User project files (e.g., JavaScript and TypeScript entry points like EmptyApp.js).
- Boundary markers: Not explicitly defined in the skill instructions.
- Capability inventory: The agent uses file editing tools to implement SDK integration logic.
- Sanitization: Content is processed based on provided API references without additional sanitization.
Audit Metadata