Skills
skills/midudev/autoskills/expo-deployment/Gen Agent Trust Hub

expo-deployment

Warn

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill repeatedly suggests running npx testflight as a shortcut for iOS TestFlight submissions in SKILL.md, references/ios-app-store.md, and references/testflight.md. This command downloads and executes a package named testflight from the npm registry. Since there is no official Expo or Apple-provided CLI tool by this name (the current npm package of that name is an unrelated library), this instruction could lead to the execution of malicious code if the package name were targeted for typosquatting or hijacking.\n- [EXTERNAL_DOWNLOADS]: The documentation for dynamic metadata configuration in references/app-store-metadata.md provides an example of a store.config.js file that uses fetch() to retrieve data from an external API (https://api.example.com/app-store-copy). This pattern introduces a dependency on an external network resource during the build/deployment process, which could be exploited to exfiltrate sensitive environment variables or inject malicious configuration values if the endpoint is compromised.\n- [CREDENTIALS_UNSAFE]: The file references/app-store-metadata.md contains hardcoded credentials for a demo account (test@example.com / password123, ReviewDemo2025!). While intended for the App Review team, hardcoding credentials in configuration examples is a security risk as they may be accidentally committed to production repositories.\n- [COMMAND_EXECUTION]: The skill uses npm and npx to install and run global command-line tools such as eas-cli. While eas-cli is an official tool, the use of npx for unverified packages like testflight increases the attack surface for dependency-based attacks.\n- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection by pulling data from external sources and processing configuration files.\n
  • Ingestion points: eas metadata:pull command described in references/app-store-metadata.md retrieves metadata from external app store APIs.\n
  • Boundary markers: None identified in the provided instructions to separate pulled metadata from agent instructions.\n
  • Capability inventory: Extensive command execution capabilities including npm, npx, and fetch across all scripts.\n
  • Sanitization: No evidence of input validation or sanitization before processing the pulled metadata content.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 7, 2026, 01:39 PM