react-native-brownfield-migration
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the '@callstack/react-native-brownfield' package via npm and references official documentation hosted at 'oss.callstack.com'. These are trusted resources originating from the skill's authoring organization.
- [COMMAND_EXECUTION]: The instructions utilize 'npx brownfield' for packaging and publishing artifacts (AAR and XCFramework), as well as 'pod install' for iOS dependency management. These commands are necessary for the primary function of the skill and utilize the vendor's own CLI tools.
- [PROMPT_INJECTION]: The skill identifies the project type by inspecting 'package.json' and 'app.json', which creates a surface for indirect prompt injection if those files contain malicious instructions.
  - Ingestion points: 'package.json' and 'app.json' are evaluated in 'SKILL.md' and 'quick-start.md' to determine the migration path.
  - Boundary markers: No explicit delimiters or warnings are used when the agent reads these configuration files.
  - Capability inventory: The skill can execute package manager commands, native build tools, and generate native source code files.
  - Sanitization: The instructions do not specify validation or sanitization of the content found within the configuration files.