expo-config
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The skill contains a hardcoded mock secret 'sk_live_1234567890' in the 'Anti-Patterns' section. While labeled as a bad practice, the inclusion of such strings in skill documentation can lead to accidental exposure or provide a template for insecure practices.\n- COMMAND_EXECUTION (HIGH): The skill allows the use of the 'Bash' tool. When combined with the ability to edit local configuration files, this provides an avenue for arbitrary command execution if the agent is manipulated via malicious project files.\n- PROMPT_INJECTION (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) due to its core function of processing external data without sanitization.\n
- Ingestion points: Reads project-controlled files including 'app.json', 'app.config.js', 'eas.json', and 'package.json'.\n
- Boundary markers: None. There are no instructions or delimiters to help the agent distinguish between configuration data and malicious instructions embedded in these files.\n
- Capability inventory: The skill possesses 'Bash', 'Write', 'Edit', and 'Grep' tools, providing a high-privilege execution environment for any injected instructions.\n
- Sanitization: None. The skill documentation provides templates that directly interpolate environment variables and file content without validation.
Recommendations
- AI detected serious security threats
Audit Metadata