react-native-executorch

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The ResourceFetcher utility and expo-file-system facilitate downloading resources from arbitrary URLs.
      • Evidence: ResourceFetcher.fetch(..., 'https://example.com/llama3_2.pte') in references/core-utilities.md and FileSystem.downloadAsync('https://some-audio-url.com/file.mp3', ...) in references/reference-audio.md.
  • REMOTE_CODE_EXECUTION (MEDIUM): The skill allows loading and executing .pte (ExecuTorch) models downloaded from external sources. Maliciously crafted model files could exploit vulnerabilities in the runtime or produce unexpected tool-calling behavior.
      • Evidence: useExecutorchModule and LLMModule load models from paths provided by ResourceFetcher.
  • PROMPT_INJECTION (LOW): The useLLM component is vulnerable to indirect prompt injection when processing untrusted data.
      • Ingestion points: llm.sendMessage(message) and llm.generate(chat) in references/reference-llms.md.
      • Boundary markers: Absent; messages are passed as raw strings or simple role-based objects without delimiters.
      • Capability inventory: Includes tool calling via executeToolCallback and file system access through ResourceFetcher.
      • Sanitization: No evidence of input filtering or escaping before processing by the LLM.
  • DATA_EXFILTRATION (LOW): Multiple hooks (useOCR, useImageEmbeddings, useClassification) accept remote URLs as input. While used for legitimate inference, this behavior could be abused to perform Server-Side Request Forgery (SSRF) or confirm the existence of internal network resources.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:44 PM