expo
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is designed to analyze and refactor user-provided React Native code for performance. This creates a surface for Indirect Prompt Injection (Category 8), as instructions could be hidden in analyzed code. However, the skill does not have executable capabilities that would allow an attacker to exploit this surface.
- External Downloads (SAFE): The skill documentation refers to standard package managers (pnpm, npx) and legitimate libraries from official registries like npm and PyPI. These are standard development tools and pose no security risk.
- Data Exposure (SAFE): No hardcoded credentials, sensitive file paths, or exfiltration patterns were detected in the rules or examples.
- Command Execution (SAFE): The shell commands provided in the documentation (e.g., pnpm install, brew install webp) are for local development setup and are from trustworthy sources.