skills/expo/skills/eas-app-stores/Gen Agent Trust Hub

eas-app-stores

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to install eas-cli and testflight from the npm registry. These are official tools provided by Expo for interacting with their services.
  • [COMMAND_EXECUTION]: Provides standard command-line instructions for building, submitting, and managing app versions using the eas-cli tool. These commands are routine for mobile application development workflows.
  • [CREDENTIALS_UNSAFE]: The documentation describes how to handle sensitive files such as Apple Distribution Certificates (.p8) and Google Service Account keys. It explicitly recommends best practices such as adding these files to .gitignore and using secure environment variables or EAS Secrets for CI/CD environments.
  • [DATA_EXFILTRATION]: While the skill mentions network operations (e.g., fetching translations from a CMS in store.config.js), these are provided as implementation examples for localization and use example domains, posing no threat.
  • [REMOTE_CODE_EXECUTION]: Mentions dynamic configuration files (store.config.js) and EAS Workflows that execute shell commands. These are standard features of the Expo ecosystem used for build automation and dynamic metadata generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 04:29 PM
Security Audit — agent-trust-hub — eas-app-stores