upgrading-expo

This skill is benign and provides standard, proportionate instructions to upgrade Expo SDKs. It relies on official tooling (npm, npx, expo) and operates on the user's project files. The main residual risk is the usual supply-chain risk of installing packages from public registries; users should verify package sources and consider pinning versions. No credential harvesting, download-execute from untrusted domains, or exfiltration patterns are present.