expo
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious patterns or security risks were identified across all 10 threat categories.
- [CREDENTIALS_UNSAFE] (SAFE): The skill demonstrates positive security intent by including a 'hardcoded-api-key' validation rule designed to alert developers if they accidentally commit secrets. It correctly recommends using EAS secrets or environment variables for credential management.
- [COMMAND_EXECUTION] (SAFE): Troubleshooting steps in the 'sharp_edges.md' file suggest standard development commands like 'npx expo start --clear' and 'rm -rf node_modules'. These are routine maintenance operations for React Native projects and are appropriately scoped to the local development environment.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard package installation via 'npx expo install' and 'npm install'. These refer to established ecosystem registries (npm) and are used for their intended purpose of adding mobile development dependencies.
Audit Metadata