expo-cicd-workflows
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local scripts 'fetch.js' and 'validate.js' using Node.js to perform network operations and file validation. Since the source code for these scripts is not provided, their internal logic and security cannot be verified.
- [EXTERNAL_DOWNLOADS]: The instructions require running 'npm install' in the scripts directory, which downloads third-party packages from the NPM registry. Without access to the 'package.json' file, the specific dependencies and their versions cannot be audited.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted user-supplied YAML files and external documentation.
- Ingestion points: Workflow YAML files in '.eas/workflows/' and remote schema/documentation URLs.
- Boundary markers: None specified in the instructions.
- Capability inventory: File system access (Read/Write) and command execution via Node.js.
- Sanitization: No evidence of sanitization or validation of the fetched content before processing.
Audit Metadata