upgrading-expo
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The command `bunx xcobra expo eval "_IS_FABRIC"` in `references/new-architecture.md` fetches and executes a package on demand. `xcobra` is not a recognized part of the official Expo or React Native toolchain, so the skill asks the agent to run code from an unverified source, which exposes the user to malicious code or dependency confusion attacks. Before running it, confirm who publishes the package and pin an exact version, or substitute an equivalent command from the official toolchain.
- Indirect Prompt Injection (LOW): The skill identifies upgrade paths by reading external API data and local configuration files, none of which the skill controls, so text planted in any of them reaches the agent as part of its working context.
  - Ingestion points: https://exp.host/--/api/v2/versions, `package.json`, and `app.json`.
  - Boundary markers: No explicit delimiters are used to separate external data from agent instructions.
  - Capability inventory: The skill can execute package managers (`npx expo install`), delete project files (`rm -rf`), and trigger native builds (`npx expo prebuild`), so injected instructions would have these actions available to them.
  - Sanitization: No input sanitization is performed on the ingested data before processing.
- Command Execution (SAFE): The skill contains standard commands for managing React Native projects, such as `rm -rf node_modules`, `watchman watch-del-all`, and `pod install`. These commands are powerful, but here they are used for their intended purpose of clearing caches and reinstalling dependencies during project maintenance.
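The findings above amount to a capability inventory of the shell commands a skill asks the agent to run. The Python below is an added example, not the skill's own files or Gen Agent Trust Hub's tooling, of how to produce such an inventory offline: it pulls every command out of the fenced code blocks in a skill's markdown and flags one-shot package runners (`npx`, `bunx`, `yarn dlx`) that invoke a package outside an allowlist, recursive deletes that touch anything other than routine cache paths, downloads, and download-to-shell pipes. The allowlist, the category names and severities, and the sample markdown are assumptions constructed for this example; the cited commands (`bunx xcobra expo eval "_IS_FABRIC"`, `npx expo prebuild`, `rm -rf node_modules`) are the ones named in the findings.

```python
"""Capability inventory for an agent skill's markdown files (added example)."""
import re
import shlex
from dataclasses import dataclass

# Packages that may run through a one-shot runner such as npx or bunx.
# Assumption for this example: anything else is "unverified" and gets a
# manual look, which is the check the MEDIUM finding is really asking for.
ALLOWED_RUNNER_PACKAGES = {"expo", "react-native", "pod-install", "expo-doctor"}
RUNNERS = {"npx", "bunx", "pnpx", "yarn dlx"}
# Deleting build caches is routine maintenance; deleting anything else is not.
ROUTINE_DELETE_TARGETS = {"node_modules", "ios/Pods", "ios/build", "android/build", ".expo"}

FENCE_RE = re.compile(r"```(?:bash|sh|shell)?[ \t]*\n(.*?)```", re.S)
SPLIT_RE = re.compile(r"\s*(?:&&|\|\||;|\|)\s*")  # caveat: also splits inside quotes
VERSION_SUFFIX_RE = re.compile(r"(?<!^)@.*$")      # expo@52 -> expo, @s/n@1 -> @s/n


@dataclass(frozen=True)
class Finding:
    file: str
    command: str
    category: str
    severity: str


def extract_commands(markdown: str) -> list[str]:
    """Return the non-empty, non-comment lines of every shell fenced block."""
    commands = []
    for block in FENCE_RE.findall(markdown):
        for line in block.splitlines():
            line = line.strip().lstrip("$ ")
            if line and not line.startswith("#"):
                commands.append(line)
    return commands


def classify(command: str) -> list[tuple[str, str]]:
    """Map one command line to (category, severity) pairs, one per segment."""
    results = []
    for segment in SPLIT_RE.split(command):
        try:
            argv = shlex.split(segment)
        except ValueError:
            argv = segment.split()
        if not argv:
            continue
        head = " ".join(argv[:2]) if argv[0] == "yarn" else argv[0]
        if head in RUNNERS:
            skip = 2 if head == "yarn dlx" else 1
            args = [a for a in argv[skip:] if not a.startswith("-")]
            if not args:
                continue
            pkg = VERSION_SUFFIX_RE.sub("", args[0])
            if pkg not in ALLOWED_RUNNER_PACKAGES:
                results.append(("unverified_package_execution", "MEDIUM"))
            elif pkg == "expo" and len(args) > 1 and args[1] == "prebuild":
                results.append(("native_build", "LOW"))
            else:
                results.append(("package_manager", "SAFE"))
        elif argv[0] == "rm" and any(a.startswith("-") and "r" in a for a in argv[1:]):
            targets = [a for a in argv[1:] if not a.startswith("-")]
            routine = bool(targets) and all(t in ROUTINE_DELETE_TARGETS for t in targets)
            results.append(("file_deletion", "SAFE" if routine else "HIGH"))
        elif argv[0] in ("curl", "wget"):
            results.append(("external_download", "MEDIUM"))
        elif argv[0] in ("sh", "bash") and "|" in command:
            results.append(("piped_shell_execution", "HIGH"))
    return results


def audit(files: dict[str, str]) -> list[Finding]:
    """Run the inventory over {relative path: markdown text}."""
    findings = []
    for path, text in files.items():
        for command in extract_commands(text):
            for category, severity in classify(command):
                findings.append(Finding(path, command, category, severity))
    return findings


# Constructed sample skill, modelled on the commands cited in the findings.
SAMPLE_SKILL = {
    "references/new-architecture.md": (
        "Check whether the new architecture is active:\n\n"
        "```bash\n"
        'bunx xcobra expo eval "_IS_FABRIC"\n'
        "npx expo prebuild --clean\n"
        "```\n"
    ),
    "references/troubleshooting.md": (
        "```sh\n"
        "rm -rf node_modules && watchman watch-del-all\n"
        "cd ios && pod install\n"
        "```\n"
    ),
}

if __name__ == "__main__":
    for f in audit(SAMPLE_SKILL):
        print(f"{f.severity:6} {f.category:28} {f.file}: {f.command}")
```

Run as a script it prints one line per flagged segment; the `xcobra` invocation comes out as `unverified_package_execution`, the prebuild as `native_build`, and the `rm -rf node_modules` as a routine deletion, matching the severities in the findings. Two limits are worth knowing before trusting the output: segments are split on `&&`, `;` and `|` before quoting is parsed, so a pipe inside a quoted argument splits the command, and only commands inside fenced blocks are seen, so a command that a skill embeds in prose, or that arrives later through one of the ingestion points listed above, never reaches the scanner. That second gap is why the Sanitization finding matters independently of this check.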
Audit Metadata