expo-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses official Expo CLI tools (
npx expo,npx create-expo-app) and EAS CLI (eas init) to perform project initialization. These commands are executed within the context of standard mobile development workflows. - [CREDENTIALS_UNSAFE] (SAFE): The
SKILL.mdfile contains explicit security warnings to prevent the accidental exposure of sensitive signing credentials (e.g., .p12, keystores), recommending the use of EAS secrets instead. - [EXTERNAL_DOWNLOADS] (SAFE): Packages installed via
scripts/init-expo-project.share well-known, official Expo SDK modules (expo-secure-store,expo-notifications, etc.) sourced from the public npm registry. - [DATA_EXFILTRATION] (SAFE): No unauthorized network operations or access to sensitive local files (like SSH keys or AWS credentials) were detected. The use of
WebFetchis listed in metadata but not utilized for data transit in the provided scripts.
Audit Metadata