setup-react-native-storybook
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill follows established developer workflows for integrating Storybook. It relies on official packages and does not exhibit malicious patterns such as credential theft or obfuscation.
- [COMMAND_EXECUTION]: The agent is instructed to use package managers (npm, yarn, bun) and the Expo CLI to install dependencies and execute initialization scripts.
- [EXTERNAL_DOWNLOADS]: The setup process involves fetching official @storybook/react-native packages and community-standard libraries from the npm registry.
- [PROMPT_INJECTION]: The skill includes an indirect prompt injection attack surface where the agent reads local project structure to determine configuration logic. • Ingestion points: Reads local file names and directory structures (e.g., yarn.lock, app/ directory) in SKILL.md. • Boundary markers: Absent. • Capability inventory: Modifies system configuration files (metro.config.js, babel.config.js) and executes shell commands (npm install, pod install). • Sanitization: Absent.
Audit Metadata