expo-api-routes
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill provides an example of a proxy for OpenAI where user-provided prompts are sent to the API. This is a common pattern for server-side AI integrations. The guidelines explicitly recommend input validation and sanitization as a rule.
- [EXTERNAL_DOWNLOADS]: The documentation references the installation of eas-cli for deployment and the @libsql/client/web package for database access. Both are official tools from established vendors (Expo and Turso).
- [CREDENTIALS_UNSAFE]: The guidelines promote the use of environment variables for managing API keys and database credentials, ensuring they remain on the server and are not exposed to the client-side application.
Audit Metadata