The Agent Skills Directory

Unverifiable Dependencies & Remote Code Execution (LOW): The skill uses npm install to download validation libraries and fetch() to retrieve remote JSON schemas and documentation from api.expo.dev and GitHub. These operations are essential for the skill's primary purpose of providing up-to-date CI/CD guidance.
Data Exposure & Exfiltration (LOW): The provided fetch.js utility allows the agent to perform network requests to non-whitelisted domains (specifically api.expo.dev). While this is used for legitimate schema retrieval, generic network capabilities represent a minor risk surface.
Indirect Prompt Injection (LOW): The skill is designed to read and process user-controlled YAML configuration files, which could potentially contain malicious instructions intended to influence the agent's behavior during the validation or generation process.
Ingestion points: scripts/validate.js reads files from the .eas/workflows/ directory.
Boundary markers: The skill does not explicitly define boundary markers or safety instructions for the agent when interpreting the contents of these workflow files.
Capability inventory: The skill is granted Read, Write, and Bash permissions, allowing it to execute local Node.js scripts and modify files.
Sanitization: The skill uses the js-yaml library (version 4.1.0), which safe-loads YAML content by default, mitigating risks related to custom YAML tags or code execution during parsing.

expo-cicd-workflows