upgrading-expo

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): In references/new-architecture.md, the skill suggests the command bunx xcobra expo eval "_IS_FABRIC". The use of xcobra is suspicious as it is not a recognized standard tool in the React Native or Expo ecosystems. Running unverified packages via bunx or npx can lead to the execution of malicious code if the package name is typosquatted or contains a supply chain attack.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the user to install external packages like react-native-worklets and expo-symbols. While these are often legitimate, the instruction to install react-native-worklets specifically for SDK 54+ should be verified against official Expo documentation.
  • [DATA_EXPOSURE] (SAFE): The rm -rf node_modules .expo command is a standard cleanup procedure for Expo projects and does not target sensitive user directories (like ~/.ssh).
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to process and modify project configuration files (e.g., app.json, package.json). An attacker who successfully injects malicious instructions into these files could potentially influence the behavior of the agent when it performs these upgrade tasks. Evidence:
      ◦ Ingestion points: Reads app.json, package.json, babel.config.js, and metro.config.js (referenced in SKILL.md).
      ◦ Boundary markers: None present; the skill lacks explicit instructions to ignore embedded instructions within the project files it parses.
      ◦ Capability inventory: Includes shell command execution via npx, bunx, and file system modifications (rm, cd).
      ◦ Sanitization: No evidence of sanitization for the data read from project configuration files.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:14 PM