upgrading-react-native
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches React Native template diffs and the
gradle-wrapper.jarbinary from the trustedreact-native-communityGitHub organization. These downloads are required for aligning the application with the canonical upgrade templates and are documented in official community guides. - [COMMAND_EXECUTION]: Instructs the agent to execute privileged and administrative shell commands including
sudo xcode-selectandsudo xcodebuildto configure the iOS build environment. It also uses package manager commands (npm,pod,npx expo) to update dependencies and synchronize native modules, which is standard practice for mobile development. - [METADATA_POISONING]: There is a discrepancy between the author 'Callstack' listed in the skill's YAML frontmatter and the author 'bidah' provided in the system context. While technically metadata poisoning, it appears to be a documentation oversight and does not introduce functional risks to the execution environment.
- [INDIRECT_PROMPT_INJECTION]: The skill processes project-specific data (
package.json) and external template diffs, creating an attack surface for instructions embedded in untrusted project files. - Ingestion points: Reads local
package.jsonand remote diff files fromrn-diff-purge. - Boundary markers: No explicit delimiter or 'ignore' instructions are used during interpolation.
- Capability inventory: High-impact capabilities including shell command execution (
npm install), file modification, and binary replacement (gradle-wrapper.jar). - Sanitization: No automated sanitization is performed; safety relies on the manual review gates included in the upgrade verification checklist.
Audit Metadata