react-native-storage-manager
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWSAFE
Full Analysis
- [Data Exposure] (LOW): The skill documentation acknowledges an insecure 'fail-open' design where storage reverts to an unencrypted state if the hardware keystore is unavailable. Evidence: SECURITY_AND_ENCRYPTION.md states 'the app will fallback to unencrypted storage' if SecureStore.getItem fails. This could lead to auth tokens or PII being stored in plaintext on the device.
- [Indirect Prompt Injection] (INFO): The skill implements a data ingestion surface that loads persisted data into the application state. Ingestion points: 'load' and 'loadString' helpers in app/utils/storage/index.ts. Boundary markers: Absent. Capability inventory: 'save' and 'clear' functions facilitate file system modifications. Sanitization: The documentation recommends external validation (e.g., Zod), but the provided helper functions do not enforce sanitization or schema validation.