eas-hosting
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements best practices for secret management by instructing users to use environment variables and the
eas env:createcommand instead of hardcoding sensitive credentials. - [PROMPT_INJECTION]: The example code in
app/api/ai+api.tsdemonstrates how to process user-supplied input for an AI proxy. While this creates a surface for indirect prompt injection in the deployed application, it is a standard implementation pattern for this use case. - Ingestion points: User input is read from the JSON body in
app/api/ai+api.ts. - Boundary markers: None identified in the instructional example.
- Capability inventory: The script uses the
fetchAPI to communicate with external services. - Sanitization: The example does not include content filtering or validation for the user-provided prompt.
- [COMMAND_EXECUTION]: The skill uses standard Expo ecosystem commands (
npx expo export,eas deploy) for build and deployment workflows.
Audit Metadata