mobile-framework-expo

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill config and runtime code call Expo Updates (Updates.checkForUpdateAsync / fetchUpdateAsync) which fetch and execute remote JavaScript from the OTA endpoint https://u.expo.dev/${process.env.EAS_PROJECT_ID}, enabling remote code execution at runtime.