1k-patching-native-modules

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Command Execution] (SAFE): The skill utilizes rm -rf specifically for cleaning build artifacts within the node_modules directory. This is a routine development task and does not target sensitive system paths or user data.
  • [External Downloads] (SAFE): The instructions utilize npx patch-package, which is a well-known and trusted utility in the JavaScript ecosystem. The packages referenced (e.g., expo-image, react-native) are high-trust, standard libraries.
  • [Indirect Prompt Injection] (LOW): The skill identifies a workflow for analyzing external crash logs, which constitutes an ingestion point for untrusted data. Evidence:
      1. Ingestion points: Step 1 (Analyze Crash Log).
      2. Boundary markers: Absent.
      3. Capability inventory: ls, rm, npx, git, gh.
      4. Sanitization: Absent.
    The risk is minimized as the skill is primarily instructional and has model invocation disabled.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:23 PM