vercel-react-native-skills
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions or attempts to bypass safety filters were found. The language is instructional and focused on software development best practices.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected. Code examples use placeholders and standard patterns.
- [Obfuscation] (SAFE): No evidence of Base64 encoding, zero-width characters, or homoglyphs used for malicious purposes was found after scanning the rule files and metadata.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references standard, well-known React Native and Expo libraries such as Reanimated, FlashList, and Expo Router. No suspicious remote code execution patterns or unvetted scripts are present. References to 'npx expo' commands are standard development practices.
- [Privilege Escalation] (SAFE): No commands for escalating system privileges or modifying sensitive system configurations were found.
- [Persistence Mechanisms] (SAFE): No attempts to establish persistent access on the host system or modify shell profiles.
- [Metadata Poisoning] (SAFE): Metadata fields in SKILL.md and metadata.json are used correctly for documentation purposes and contain no deceptive or malicious instructions.
- [Indirect Prompt Injection] (SAFE): The skill provides static guidelines and does not ingest untrusted runtime data in a way that creates an injection surface.
- [Time-Delayed / Conditional Attacks] (SAFE): No logic was found that triggers behavior based on time or specific environment conditions.
- [Dynamic Execution] (SAFE): The skill encourages standard Reanimated worklet patterns for performance but contains no unsafe dynamic code generation, library injection, or unsafe deserialization.
Audit Metadata