skills/expo/skills/eas-hosting/Gen Agent Trust Hub

eas-hosting

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements best practices for secret management by instructing users to use environment variables and the eas env:create command instead of hardcoding sensitive credentials.
  • [PROMPT_INJECTION]: The example code in app/api/ai+api.ts demonstrates how to process user-supplied input for an AI proxy. While this creates a surface for indirect prompt injection in the deployed application, it is a standard implementation pattern for this use case.
  • Ingestion points: User input is read from the JSON body in app/api/ai+api.ts.
  • Boundary markers: None identified in the instructional example.
  • Capability inventory: The script uses the fetch API to communicate with external services.
  • Sanitization: The example does not include content filtering or validation for the user-provided prompt.
  • [COMMAND_EXECUTION]: The skill uses standard Expo ecosystem commands (npx expo export, eas deploy) for build and deployment workflows.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 04:29 PM