upgrading-expo
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to execute various shell commands for clearing caches, reinstalling dependencies, and running diagnostics. Evidence found in `SKILL.md` and `references/new-architecture.md` includes commands like `npx expo install expo@latest`, `rm -rf node_modules .expo`, `watchman watch-del-all`, `cd ios && pod install --repo-update`, and `cd android && ./gradlew clean`.
- [EXTERNAL_DOWNLOADS]: The skill utilizes `npx`, `bunx`, `pod`, and `gradle` to download and install external packages and native dependencies from the npm registry and other official sources. These references target well-known services within the Expo and React Native ecosystems, such as `expo`, `expo-doctor`, and `react-native-worklets`.
- [PROMPT_INJECTION]: An indirect prompt injection surface is identified as the skill processes local project configuration files (`package.json`, `app.json`, `babel.config.js`, `metro.config.js`).
  - Ingestion points: Local configuration files in the project root (`SKILL.md`).
  - Boundary markers: None present in the instructions to delimit or ignore embedded instructions within processed files.
  - Capability inventory: Extensive file system modification and command execution via `npx`, `rm`, `pod`, and `gradlew` (`SKILL.md`, `references/new-architecture.md`).
  - Sanitization: No explicit sanitization or validation of the input file content is described before execution or modification.