The Agent Skills Directory

[COMMAND_EXECUTION] (MEDIUM): The skill directs the agent to execute a local Python script scripts/init-expo.py to manage the scaffolding process. Since the script source code is not provided among the reviewed files, its full range of actions (such as file system modifications or subprocess calls) cannot be verified. It also executes shell commands like bun install and bun start.\n- [EXTERNAL_DOWNLOADS] (LOW): The scaffolding workflow executes bun install, which downloads numerous third-party dependencies from the NPM registry. This is standard behavior for JavaScript development but introduces risks associated with dependency supply chains.\n- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). Evidence Chain: 1. Ingestion point: Phase 1 PRD Brief Intake (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: init-expo.py for file creation and bun for dependency management. 4. Sanitization: Not specified. A maliciously crafted user brief could attempt to inject code or instructions into the generated application files or influence the generation logic.

expo-architect