Security Audit: upgrading-react-native
Source repository: github.com/callstackincubator/agent-skills
Trust Assessment
upgrading-react-native received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The findings are "Potential Command Injection via Unsanitized $APP_DIR" (high) and "Reliance on External, Mutable GitHub Content for Upgrade Diffs" (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on May 1, 2026 (commit ace14e40). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via Unsanitized `$APP_DIR`.** Several shell commands in the skill's examples use the `$APP_DIR` variable to name the project path. If the agent's execution environment fills `$APP_DIR` from untrusted user input and then interpolates it into a single shell string (so the value is parsed a second time as shell syntax), shell metacharacters or a command substitution such as `$(malicious_command)` in the value are executed when the command runs, giving arbitrary code execution. The agent must treat `$APP_DIR` either as a trusted, internally controlled value or validate it before use (an allow-list of path characters that rejects metacharacters and substitutions), and should pass it to the command as a separate argument (an argument-array `exec`, or a library that escapes arguments) rather than splicing it into a command string. | LLM | SKILL.md:26 |
| MEDIUM | **Reliance on External, Mutable GitHub Content for Upgrade Diffs.** The skill instructs the agent to `curl` a React Native upgrade diff from `raw.githubusercontent.com`, i.e. from the `react-native-community/rn-diff-purge` repository, an external and mutable source. If that repository or the specific diff file were compromised, a malicious diff could be downloaded and applied to the user's project, introducing vulnerabilities or backdoors. Fetching the diff this way is standard practice for React Native upgrades, but without integrity verification it is an inherent supply-chain risk. The risk cannot be removed entirely, but it can be reduced: fetch the diff from a URL that names a commit rather than a branch, verify a checksum recorded out of band where one is available, and have the agent show the diff (and dry-run its application) for review before applying it. Users should also be aware of the source's trustworthiness. | LLM | SKILL.md:22 |
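Both findings concern how an agent runs the skill's shell steps. The following wrapper is an added example, not code from the skill, from the callstackincubator repository, or from SkillShield's report. It shows the unsafe string-interpolation pattern beside the argument-passing form that defeats it, an allow-list check for `$APP_DIR`, and a pinned-digest check for the downloaded diff. The function names, the assumption that the diff URL names a commit, and the use of `git apply --check` as the review step are illustrative choices, not something the skill itself specifies.

```shell
#!/bin/sh
# Added example (not part of the skill or of SkillShield's report): an
# agent-side wrapper for the two steps the findings flag. Function names,
# the diff URL layout and the pinned digest are assumptions for illustration.

# --- Finding 1: $APP_DIR must never be re-parsed as shell syntax ---------

# UNSAFE pattern: the path is spliced into one shell string, so the inner
# shell parses it a second time and executes any metacharacters it carries.
run_unsafe() {
  sh -c "cd $1 && pwd" 2>/dev/null
}

# SAFE pattern: the path travels as a positional argument; "$1" inside the
# single-quoted script is expanded once, as data, never as syntax.
run_safe() {
  sh -c 'cd -- "$1" && pwd' sh "$1" 2>/dev/null
}

# Allow-list check to apply before the path is used anywhere: absolute,
# no parent-directory traversal, only path-safe characters.
is_safe_app_dir() {
  case "$1" in
    /*) ;;             # must be absolute
    *) return 1 ;;
  esac
  case "$1" in
    *..*) return 1 ;;  # no traversal
  esac
  # Reject anything outside [A-Za-z0-9/_.@-]; this excludes $ ` ; | & < > ( )
  # quotes and whitespace, so no metacharacter or substitution can survive.
  if printf '%s' "$1" | grep -q '[^A-Za-z0-9/_.@-]'; then
    return 1
  fi
  return 0
}

# --- Finding 2: verify the upgrade diff before applying it ---------------

# Hex SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Succeeds only if the file's digest equals the pinned value.
verify_diff() {
  [ "$(sha256_of "$1")" = "$2" ]
}

# Fetch from a URL that names a commit SHA rather than a branch, then check
# the digest recorded out of band; a mismatch deletes the download.
# (Assumed URL layout; never exercised offline.)
fetch_pinned_diff() {
  url="$1"; dest="$2"; expected="$3"
  curl -fsSL --proto '=https' "$url" -o "$dest" || return 1
  if ! verify_diff "$dest" "$expected"; then
    rm -f "$dest"
    echo "digest mismatch for $url" >&2
    return 1
  fi
}

# Show what the diff would touch, dry-run it, and apply only if both are clean.
review_and_apply() {
  git apply --stat "$1" && git apply --check "$1" && git apply "$1"
}
```

With `APP_DIR='/tmp; echo INJECTED'`, `run_unsafe` prints `INJECTED` before the directory name, while `run_safe` fails on the non-existent directory and prints nothing; `is_safe_app_dir` rejects that value, a relative path, and a path containing `$(id)` or `..`. The `sha256_of`/`verify_diff` pair is what `fetch_pinned_diff` relies on: the digest has to come from somewhere other than the same mutable repository, or the check adds nothing.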
Full report: https://skillshield.io/report/e068fa15daa35ef9