skills/expo/skills/expo-upgrade/Gen Agent Trust Hub

expo-upgrade

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs official Expo packages and required dependencies like react-native-worklets and expo@latest from the NPM registry.
  • [COMMAND_EXECUTION]: Employs standard shell commands for project housekeeping, such as clearing caches (rm -rf node_modules, watchman watch-del-all), running environment diagnostics (npx expo-doctor), and regenerating native platform directories (npx expo prebuild).
  • [COMMAND_EXECUTION]: Utilizes npx expo-codemod to perform automated code migrations, involving the programmatic rewriting of import statements and component structures based on SDK changes.
  • [REMOTE_CODE_EXECUTION]: Uses the xcobra utility via bunx to evaluate JavaScript expressions within the application's runtime context for architecture verification.
  • [PROMPT_INJECTION]: Processes technical migration documentation from local reference files to guide automated upgrades and project maintenance.
  • Ingestion points: Multiple markdown files in the ./references/ directory.
  • Boundary markers: Absent; instructions are interpreted directly from the text.
  • Capability inventory: Includes subprocess execution (npx expo), file system deletion (rm), and automated code transformation (expo-codemod) across the upgrade workflow.
  • Sanitization: Absent; the skill relies on the integrity of the provided reference documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 05:04 PM
Security Audit — agent-trust-hub — expo-upgrade