react-native-update
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The script
scripts/integration_doctor.shperforms local environment diagnostics, such as checking for the existence ofpackage.jsonand verifying dependencies. This is a standard developer tool behavior. - [EXTERNAL_DOWNLOADS] (SAFE): The skill recommends installing
react-native-updateand its CLI via npm. These are the official packages for the Pushy service and are standard in the React Native ecosystem. - [PROMPT_INJECTION] (SAFE): The skill analyzes local project configuration files to tailor its advice. While this creates a theoretical surface for indirect prompt injection if an attacker controls those files, the script uses safe JSON parsing via
require()on files with.jsonextensions, and the risk is minimal for the intended use case. Evidence Chain: 1. Ingestion points:package.jsonandupdate.jsonviascripts/integration_doctor.sh. 2. Boundary markers: None. 3. Capability inventory: npm installation and native file modifications. 4. Sanitization: Node.jsrequire()ensures the files are valid JSON.
Audit Metadata