universal-links
Warn
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to run `bunx setup-safari` and `npx setup-safari`. These commands download and execute code directly from the npm registry. Because 'setup-safari' is not a package from a trusted organization (as defined in the security policy) and the version is not pinned, this introduces a risk of supply chain attacks or the execution of unverified code.
- [COMMAND_EXECUTION] (LOW): The skill requires the execution of multiple system commands, including `npx expo run:ios`, `npx eas-cli deploy`, and `curl` for debugging. These operations interact with the local filesystem and network, which is expected for development but requires the user to trust the underlying CLI tools.
- [CREDENTIALS_UNSAFE] (INFO): The instructions suggest using the `EXPO_APPLE_ID` environment variable. While an Apple ID is typically a public email address, users should remain cautious when providing identifiers to third-party CLI tools that interact with the Apple Developer Portal.
Audit Metadata