Skills
skills/keep-starknet-strange/starkclaw/expo-deployment/Gen Agent Trust Hub

expo-deployment

Fail

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill repeatedly instructs users to run 'npx testflight' (e.g., in SKILL.md and references/testflight.md). This command downloads and executes a package from the public npm registry. Since 'testflight' is not an official tool maintained by Expo or Apple, and the existing package on npm is unmaintained, this presents a significant risk of executing malicious code within the development environment.
  • [DATA_EXFILTRATION]: In references/app-store-metadata.md, the skill provides an example of a dynamic configuration file (store.config.js) using 'fetch()' to retrieve metadata from an external URL. This pattern can be exploited to exfiltrate local environment variables or sensitive project data to an attacker-controlled server during the build or submission process.
  • [COMMAND_EXECUTION]: The skill heavily utilizes high-privilege commands like 'eas-cli' and 'npx' for build and credential management. It also defines custom shell execution blocks within EAS Workflows (references/workflows.md) which can be manipulated to execute unauthorized code in CI/CD environments.
  • [CREDENTIALS_UNSAFE]: The documentation outlines the use of sensitive authentication files, including Apple '.p8' API keys and Google service account JSON keys. While it mentions .gitignore, it promotes storing these credentials as local files, which increases the risk of accidental exposure or theft by malicious scripts.
  • [PROMPT_INJECTION]: The skill exhibits an indirect injection surface in the metadata management process described in references/app-store-metadata.md.
  • Ingestion points: store.config.js fetches content from a remote API via a network request.
  • Boundary markers: None; external data is directly merged into the configuration object.
  • Capability inventory: The resulting data is consumed by 'eas-cli' to update official store presence.
  • Sanitization: Absent; there is no validation of the remote response before it is used.
  • [EXTERNAL_DOWNLOADS]: The skill encourages downloading and installing various CLI tools and packages (eas-cli, testflight) without version pinning or integrity checks, exposing the user to supply chain attacks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 7, 2026, 04:59 AM