expo-crypto-dpop
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references documentation and library resources at
rn-libs.fe.ddocdoc.dev. This domain is associated with the skill's organization (ddocdoc) and is used for legitimate technical documentation. - [COMMAND_EXECUTION]: No direct command execution or shell spawning patterns were identified. The skill focuses on cryptographic operations within a React Native application context.
- [DATA_EXFILTRATION]: The skill manages cryptographic keys and JWT tokens. It correctly utilizes
expo-secure-store, which leverages platform-native secure enclaves (iOS Keychain and Android KeyStore), following security best practices for token binding. - [PROMPT_INJECTION]: No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were found in the markdown or metadata files.
- [SAFE]: The code patterns provided for Axios interceptors and token refreshing are standard implementations of the DPoP protocol, including necessary precautions such as stripping query parameters from the 'htu' claim as required by RFC 9449.
Audit Metadata