expo-dev
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, NO_CODE, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill recommends executing `npx testflight` as a shortcut for building and submitting apps. No official tool by this name exists in the Expo ecosystem, and the `testflight` package on npm is abandoned, creating a potential vector for executing hijacked or malicious code if the name is claimed by an attacker.
- [COMMAND_EXECUTION]: The skill mentions running `bunx xcobra expo eval` for architecture verification. The `xcobra` package is unverified and is not a recognized part of the standard Expo or React Native development stack.
- [NO_CODE]: Several components of the skill (specifically CI/CD automation in SKILL.md and cicd.md) depend on internal scripts located in a `scripts/` directory, such as `fetch.js` and `validate.js`. These scripts are missing from the distributed files, preventing verification of their behavior and leaving the skill in an incomplete state.
- [EXTERNAL_DOWNLOADS]: The skill identifies and fetches resources from official Expo domains (`api.expo.dev`) and GitHub repositories (`github.com/expo/expo`). These are documented neutrally as trusted official sources for the Expo platform.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
  - Ingestion points: User-provided development tasks and external documentation URLs from the web.
  - Boundary markers: Absent; no instructions are provided to delimit or ignore instructions embedded within fetched data.
  - Capability inventory: Executes build and deployment commands (`npx eas-cli`), dependency management (`npx expo install`), and custom scripts (`node fetch.js`).
  - Sanitization: Absent; no validation or escaping of external content is performed before processing.
Audit Metadata