argent-react-native-app-workflow
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It instructs the agent to read untrusted project data (such as
package.jsonscripts andmetro.config.js) and prioritize custom scripts found there for execution. - Ingestion points: The skill reads
package.json,metro.config.js, andios/Podfile(referenced in SKILL.md sections 1.1 and 4.1). - Boundary markers: There are no instructions to the agent to sanitize or ignore potential instructions embedded within these configuration files.
- Capability inventory: The skill utilizes powerful capabilities including shell command execution (
npm run,npx), file system access, and thedebugger-evaluatetool. - Sanitization: No sanitization or validation of the content of these configuration files is mentioned.
- [COMMAND_EXECUTION]: The skill guides the agent to perform various shell-level operations such as process inspection (
lsof -i :8081), dependency management (npm install,pod install), and build orchestration (npx react-native run-ios). - [REMOTE_CODE_EXECUTION]: The skill references a
debugger-evaluatetool in section 4.1, which is designed to execute arbitrary JavaScript code within the context of the running application for debugging purposes.
Audit Metadata