react-native-best-practices

Fail

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation includes a command that downloads and immediately executes a remote script.
      ◦ In references/js-measure-fps.md, the command `curl https://get.flashlight.dev | bash` is recommended for installing the Flashlight performance tool. Piping remote content directly to a shell bypasses verification and is highly susceptible to man-in-the-middle attacks or domain compromise.
  • [COMMAND_EXECUTION]: The skill provides numerous instructions involving the execution of powerful CLI tools and scripts with potentially broad system access.
      ◦ references/bundle-analyze-js.md: Uses `npx react-native bundle` and `npx source-map-explorer` to generate and analyze JS assets.
      ◦ references/bundle-r8-android.md: Suggests running `./gradlew assembleRelease` and other Gradle tasks that involve native compilation and code optimization.
      ◦ references/native-measure-tti.md: Provides commands for environment-specific binary checks and platform-level performance monitoring.
  • [EXTERNAL_DOWNLOADS]: The skill references several external resources and services for performance analysis.
      ◦ references/bundle-analyze-app.md: Recommends using Emerge Tools, a third-party service, for visual analysis of binaries.
      ◦ references/bundle-library-size.md: Directs users to bundlephobia.com and pkg-size.dev for evaluating dependency impact.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 3, 2026, 06:34 PM