Skills
skills/margelo/react-native-skills/nitro-fetch/Gen Agent Trust Hub

nitro-fetch

Pass

Audited by Gen Agent Trust Hub on May 27, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill includes instructions to install the nitro-fetch ecosystem of packages (react-native-nitro-fetch, react-native-nitro-modules, react-native-nitro-websockets, react-native-nitro-text-decoder) via standard package managers.
  • [SAFE]: These packages are verified vendor resources corresponding to the skill author, Margelo.
  • [SAFE]: The skill demonstrates secure handling of sensitive data. For instance, the prefetching and token refresh mechanisms are documented to use secure, encrypted native storage (NitroFetchSecureAtRest) to protect persisted credentials.
  • [SAFE]: The documentation provides defensive architectural recommendations, such as avoiding the global monkey-patching of the fetch and WebSocket APIs, which reduces the risk of side-channel attacks and improves maintainability.
  • [SAFE]: No evidence of prompt injection, multi-layer obfuscation, or persistence-based attacks was found. The skill's functionality aligns with its stated purpose as a networking utility suite.
Audit Metadata
Risk Level
SAFE
Analyzed
May 27, 2026, 02:09 AM
Security Audit — agent-trust-hub — nitro-fetch