react-native-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing 'Flashlight', a recognized performance benchmarking tool for Android, via a remote shell script (curl https://get.flashlight.dev | bash). This is a standard installation method for this tool.
- [REMOTE_CODE_EXECUTION]: The installation process for the Flashlight utility involves piping a remote script to a shell. While this is an official method for the tool, it represents a remote code execution pattern that is common in developer-focused tools.
- [COMMAND_EXECUTION]: The skill documents numerous standard commands for React Native development, including 'npx react-native bundle' for bundle analysis, 'gradlew' for Android build optimization, and 'xcodebuild' for iOS archiving. These are expected within a technical optimization guide.
- [DATA_EXPOSURE]: Analysis of all 31 files revealed no hardcoded credentials, API keys, or unauthorized access to sensitive file paths.
- [PROMPT_INJECTION]: The markdown content and skill metadata (SKILL.md, POWER.md) contain no instructions designed to override agent safety filters or system prompts.
Audit Metadata