rn-upgrade
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches version diffs and release documentation from trusted sources including the official React Native and React Native Community GitHub repositories.
- [COMMAND_EXECUTION]: Utilizes standard development tools including npm, yarn, pod, and gradle to manage dependencies and clean build environments, which is consistent with the skill's primary purpose.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external content such as release notes and diff files to guide its file-modifying and command-execution behavior.
  - Ingestion points: Analyzes local package.json and fetches remote content from GitHub (release notes and .diff files).
  - Boundary markers: Absent; the skill's instructions do not explicitly tell the agent to ignore instructions embedded in the external text, nor do they delineate data from logic.
  - Capability inventory: The skill can modify the local filesystem (native code) and execute build/installation commands.
  - Sanitization: Absent; the agent relies on its own interpretation of the external diff content to apply changes.
Audit Metadata