expo-sdk
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill utilizes npx create-expo-app and npx expo prebuild to download and execute scripts from the npm registry. This represents a remote execution vector (normally HIGH), but the severity is reduced to MEDIUM as it is the primary and intended purpose of the skill for setting up the development environment.
- [EXTERNAL_DOWNLOADS] (LOW): The workflow requires installing several third-party libraries (e.g., expo-router, @shopify/flash-list) via pnpm. While these are unverifiable external dependencies (normally MEDIUM), the risk is reduced to LOW because they are core to the skill's stated utility.
- [COMMAND_EXECUTION] (LOW): The instructions prescribe routine execution of shell commands for project initialization and for starting the development server (pnpm start).
Audit Metadata