eas-app-stores
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install
eas-cliandtestflightfrom the npm registry. These are official tools provided by Expo for interacting with their services. - [COMMAND_EXECUTION]: Provides standard command-line instructions for building, submitting, and managing app versions using the
eas-clitool. These commands are routine for mobile application development workflows. - [CREDENTIALS_UNSAFE]: The documentation describes how to handle sensitive files such as Apple Distribution Certificates (.p8) and Google Service Account keys. It explicitly recommends best practices such as adding these files to
.gitignoreand using secure environment variables or EAS Secrets for CI/CD environments. - [DATA_EXFILTRATION]: While the skill mentions network operations (e.g., fetching translations from a CMS in
store.config.js), these are provided as implementation examples for localization and use example domains, posing no threat. - [REMOTE_CODE_EXECUTION]: Mentions dynamic configuration files (
store.config.js) and EAS Workflows that execute shell commands. These are standard features of the Expo ecosystem used for build automation and dynamic metadata generation.
Audit Metadata