react-native-app
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses well-established and trusted third-party libraries including @react-navigation, @reduxjs/toolkit, and axios for its core functionality.
- [SAFE]: Network operations in the code snippets target the placeholder domain 'api.example.com', which is standard practice for templates and tutorials.
- [SAFE]: Authentication management is demonstrated using '@react-native-async-storage/async-storage' for token persistence, which is a common and appropriate pattern for mobile development.
- [SAFE]: The skill includes a 'Best Practices' section that explicitly advises against storing sensitive data in plain text and recommends using environment variables for API endpoints.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection as it ingests and renders data from external APIs (e.g., in `references/functional-component-with-hooks.md` and `references/state-management-with-redux.md`).
  - Ingestion points: Data is fetched via `fetch` and `axios` from external API endpoints.
  - Boundary markers: No explicit delimiters or boundary markers are used when rendering API data (e.g., `{item?.title}`).
  - Capability inventory: The skill does not possess high-risk capabilities such as arbitrary command execution, file writing, or dynamic code evaluation (eval/exec).
  - Sanitization: No explicit sanitization or filtering of API content is shown in the provided code snippets, relying on standard React Native rendering behavior.
Audit Metadata