react-native-best-practices

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The on-device AI sub-skill documentation provides patterns for building conversational assistants that ingest untrusted user data and can perform actions via tool calling, which establishes a surface for indirect prompt injection.
      • Ingestion points: references/on-device-ai/references/reference-llms.md demonstrates processing user input via the llm.sendMessage function.
      • Boundary markers: The skill includes guidance on configuring system prompts to define model behavior and constraints.
      • Capability inventory: references/on-device-ai/references/reference-llms.md describes the implementation of tool calling via executeToolCallback, enabling the model to trigger application logic.
      • Sanitization: Recommends verifying model output using the fixAndValidateStructuredOutput utility and validating data against Zod or JSON schemas.
  • [EXTERNAL_DOWNLOADS]: The skill documents the use of a resource management utility to download AI models and related assets from remote repositories.
      • Evidence: references/on-device-ai/references/core-utilities.md and references/on-device-ai/references/reference-models.md provide examples of fetching models using ResourceFetcher.fetch.
      • Context: Downloads target HuggingFace, a well-known service for AI model hosting, or the vendor's official repositories.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 04:57 PM