reanimated-skia-performance
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): The content is purely instructional and technical. There are no attempts to override system prompts or bypass safety filters.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or network operations (curl, wget, fetch) were detected.
- Obfuscation (SAFE): No Base64, zero-width characters, homoglyphs, or encoded commands were found in the documentation or snippets.
- Remote Code Execution & Dependencies (SAFE): The skill references standard libraries like
react-native-reanimatedand@shopify/react-native-skia. There are no commands for downloading or executing remote scripts. - Privilege Escalation (SAFE): No administrative commands, shell modifications, or permission changes (sudo, chmod) are present.
- Persistence Mechanisms (SAFE): No modifications to shell profiles, cron jobs, or startup services were found.
- Indirect Prompt Injection (SAFE): The skill provides static guidelines for a developer/agent to follow. It does not include tools or patterns that ingest and process untrusted external data in an exploitable way.
- Dynamic Execution (SAFE): While it mentions
Skia.RuntimeEffect.Makefor shader compilation, this is a standard, safe GPU-bound operation within the documented library's context and does not involve untrusted inputs or host-level code execution.
Audit Metadata