eas-update-insights

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run eas-cli commands. Access is properly restricted in the metadata to only commands starting with eas, which significantly reduces the risk of arbitrary command injection.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill queries aggregate metrics (crash rates, install counts) from Expo's official services. This behavior is consistent with the skill's primary purpose and does not involve accessing sensitive local files or secrets like private keys or environment variables.
  • [EXTERNAL_DOWNLOADS]: The skill references the eas-cli package, which is a standard tool maintained by the vendor (Expo). Instructions for installation are provided as prerequisites for the user, rather than being executed automatically by the agent.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes JSON output from the CLI, which may include user-defined update messages. While this represents a potential data ingestion surface, the risk is negligible as the data originates from the user's own Expo project and the skill's capabilities are restricted to the vendor's CLI.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 02:54 PM