Skills
skills/jonmumm/skills/expo-testing/Gen Agent Trust Hub

expo-testing

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently executes shell commands (e.g., xcodebuild, xcrun simctl, npx expo) to manage the build and deployment process. These commands use variables such as <AppName> and <bundleId> which are intended to be extracted from the local project environment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its configuration detection logic. It reads values like bundleIdentifier from app.json or eas.json and interpolates them into system commands without validation or boundary markers. A malicious repository could include specially crafted configuration files designed to execute arbitrary shell commands when an agent attempts to build or test the project.
  • Ingestion points: app.config.js, app.json, eas.json, and .detoxrc.js (referenced in SKILL.md).
  • Boundary markers: None; the skill does not instruct the agent to verify or sanitize the content of these files before use.
  • Capability inventory: High-privilege shell access via xcodebuild and xcrun (referenced in SKILL.md).
  • Sanitization: Absent; values are used directly in shell command templates.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 10:41 PM