argent-react-native-optimization
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install an external package 'eslint-plugin-react-perf' from the NPM registry during the linting phase. This is a common development tool but involves downloading code from a remote repository.
- [COMMAND_EXECUTION]: The skill executes shell commands including 'npm install' and 'npx eslint' to perform its optimization tasks. It also uses platform-specific tools like 'debugger-evaluate' to execute and validate code fixes within the application context.
- [DYNAMIC_EXECUTION]: The skill follows a process of modifying application source code and then validating those changes using 'debugger-evaluate'. This involves runtime execution of code generated or altered by the agent.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data (the React Native project source code) and performs actions based on its content. This creates an attack surface where malicious instructions embedded in the code could potentially influence agent behavior.
- Ingestion points: Source files are read during Phase 1 (Lint sweep) and Phase 2 (Semantic sweep).
- Boundary markers: The instructions do not define specific markers to delimit untrusted code from instructions.
- Capability inventory: The agent has the ability to execute code via 'debugger-evaluate', interact with the device via 'argent-device-interact', and run shell commands.
- Sanitization: There is no explicit sanitization or validation mentioned for the code content being processed.
Audit Metadata