upgrading-react-native
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `sudo` for `xcode-select` and `xcodebuild` to configure the system-level Xcode toolchain path. This is a standard administrative requirement for iOS development environments and matches the official React Native setup instructions.
- [EXTERNAL_DOWNLOADS]: Template diffs and release information are fetched from the `react-native-community` GitHub organization. These resources are well-known, community-standard assets for managing React Native upgrades.
- [REMOTE_CODE_EXECUTION]: The workflow downloads the `gradle-wrapper.jar` binary from the `react-native-community` repository to update the Android build system. While this is an executable binary, it is a standard part of the official React Native project template and is retrieved from a recognized community source.
- [PROMPT_INJECTION]: The skill's process for analyzing project configuration files like `package.json` represents an indirect prompt injection surface. Ingestion points: the application's `package.json` and project directories. Boundary markers: the skill mandates creating a multi-phase execution plan and performing manual verification. Capability inventory: package management commands, network requests via `curl`, and system-level configuration commands. Sanitization: risk is mitigated through manual regression testing and environment health checks.
Audit Metadata