argent-react-native-app-workflow

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It instructs the agent to read untrusted project data (such as package.json scripts and metro.config.js) and prioritize custom scripts found there for execution.
  • Ingestion points: The skill reads package.json, metro.config.js, and ios/Podfile (referenced in SKILL.md sections 1.1 and 4.1).
  • Boundary markers: There are no instructions to the agent to sanitize or ignore potential instructions embedded within these configuration files.
  • Capability inventory: The skill utilizes powerful capabilities including shell command execution (npm run, npx), file system access, and the debugger-evaluate tool.
  • Sanitization: No sanitization or validation of the content of these configuration files is mentioned.
  • [COMMAND_EXECUTION]: The skill guides the agent to perform various shell-level operations such as process inspection (lsof -i :8081), dependency management (npm install, pod install), and build orchestration (npx react-native run-ios).
  • [REMOTE_CODE_EXECUTION]: The skill references a debugger-evaluate tool in section 4.1, which is designed to execute arbitrary JavaScript code within the context of the running application for debugging purposes.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 06:25 PM
Security Audit — agent-trust-hub — argent-react-native-app-workflow