react-native-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to analyze untrusted external content in the form of user-provided React Native code.
  - Ingestion points: User-provided React Native source code processed according to guidelines in SKILL.md.
  - Boundary markers: Absent. There are no delimiters or instructions to ignore instructions embedded in the analyzed code.
  - Capability inventory: The skill references shell commands (grep, npx in SKILL.md) for code analysis and search, which could be targeted if an agent executes these on malicious source code.
  - Sanitization: Absent. No filtering or validation of external code is specified.
- COMMAND_EXECUTION (LOW): The skill contains informational bash and npx command examples (e.g., npx source-map-explorer) for performance profiling. These are standard development tools and do not involve suspicious obfuscation or malicious intent.
- EXTERNAL_DOWNLOADS (INFO): Mentions several reputable React Native ecosystem packages (e.g., jotai, zustand, react-native-performance) as optimization recommendations. No untrusted remote scripts or download-to-pipe patterns were found.
Audit Metadata