rn-upgrade
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches React Native upgrade diffs from the `rn-diff-purge` repository on GitHub and release notes from the official React Native repository. These are well-known and trusted sources within the developer community.
- [COMMAND_EXECUTION]: Instructs the agent to execute standard project management and build commands, including `yarn install`, `npm install`, `pod install`, and `./gradlew clean`. These actions are necessary for the skill's primary purpose and are performed after user approval of an upgrade plan.
- [PROMPT_INJECTION]: The skill processes external data (upgrade diffs and release notes), which presents a surface for indirect prompt injection. This risk is effectively mitigated by the instructions requiring the agent to use `EnterPlanMode` to present all proposed changes to the user for manual review and approval before execution.
- [DATA_EXPOSURE]: Reads project configuration files such as `package.json`, `MainApplication.kt`, and `AppDelegate.swift` to identify current versions and apply necessary code changes. This access is scoped to the project being upgraded.
Audit Metadata