vercel-react-native-skills
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to bypass AI safety constraints or override the agent's core behavior.
- Data Exposure & Exfiltration (SAFE): The skill does not access sensitive local files or perform suspicious network operations. All code snippets are standard UI/Logic components.
- Obfuscation (SAFE): No encoded strings, zero-width characters, or homoglyph-based evasion techniques detected.
- External Downloads (LOW): Recommends several third-party libraries (e.g.,
@legendapp/list,@nandorojo/galeria,zeego). These are well-known and standard packages within the React Native ecosystem. Following the trust-scope rule for established community packages, this is categorized as low risk. - Privilege Escalation (SAFE): No use of sudo, administrative commands, or attempts to modify system-level configurations.
- Persistence Mechanisms (SAFE): No code attempts to modify shell profiles, cron jobs, or startup services.
- Indirect Prompt Injection (SAFE): While the skill involves processing UI data, it focuses on rendering logic and does not introduce surfaces for untrusted instruction execution.
- Dynamic Execution (SAFE): The skill mentions the React Compiler, but only as a build-time optimization tool. No runtime
eval()or dynamic code generation from untrusted sources is present.
Audit Metadata