react-native-expert
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill demonstrates a significant attack surface by processing external content with associated write capabilities.
- Ingestion points: Step 2 of the mandatory workflow explicitly loads untrusted files:
project_overview.md,navigation_patterns.md,native_modules.md, andplatform_specifics.md. - Boundary markers: The instructions lack any explicit boundary markers (e.g., XML tags or delimiters) or warnings to ignore embedded instructions within these ingested files.
- Capability inventory: The skill is authorized to perform file writes in Step 5 (saving to
/claudedocs/) and Step 6 (updating project memory files), providing a path for persistent poisoning or misleading documentation generation. - Sanitization: No validation or sanitization of the input file content is defined in the workflow.
Recommendations
- AI detected serious security threats
Audit Metadata