expo-examples
Warn
Audited by Snyk on Jun 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow fetches and reads free-form text from the outsider-authored public GitHub repo expo/examples (e.g., via gh api .../trees/... and gh api .../contents/<example>/<file>, or curl raw.githubusercontent.com ...), which is then ingested into the agent’s LLM context as README/code/manifest text.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs fetching live example files at runtime (e.g., curl -s https://raw.githubusercontent.com/expo/examples/master/with-stripe/utils/stripe-server.ts and git clone https://github.com/expo/examples.git) so remote content would be injected into the agent's context and can directly control prompts.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly references the "with-stripe" example and shows paths/commands for reading and scaffolding its stripe server code (e.g. utils/stripe-server.ts and npx create-expo --example with-stripe). That is a specific Payment Gateway integration (Stripe) and therefore provides explicit financial-execution capability (server routes/utilities to create/process payments), not merely a generic API or browser automation.
Issues (3)
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata