The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill provides strong security guidance regarding credential management. It explicitly warns against storing tokens in AsyncStorage and recommends expo-secure-store for sensitive data. It also correctly differentiates between EXPO_PUBLIC_ environment variables (client-side) and non-prefixed variables (server-side secrets), providing clear warnings against exposing secrets in the client bundle.
[COMMAND_EXECUTION]: No shell command execution or platform-level command injection vectors were detected. The skill focuses on JavaScript/TypeScript networking code.
[EXTERNAL_DOWNLOADS]: The skill references standard, well-known libraries in the React Native ecosystem, including @tanstack/react-query, @react-native-community/netinfo, and Expo's official packages. These are legitimate dependencies for the stated purpose.
[REMOTE_CODE_EXECUTION]: There is no evidence of remote code execution, dynamic code loading from untrusted sources, or unsafe use of eval or exec functions.
[PROMPT_INJECTION]: The instructions are technical and instructional without any attempts to override agent behavior, bypass safety filters, or extract system prompts.

native-data-fetching