Skills
skills/4444j99/a-i--skills/artifacts-builder/Gen Agent Trust Hub

artifacts-builder

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell scripts to perform environment setup and build operations. Evidence: scripts/init-artifact.sh executes pnpm, npm, tar, and node to configure the project. scripts/bundle-artifact.sh executes pnpm and parcel to generate the final bundle.
  • [EXTERNAL_DOWNLOADS]: The skill triggers the download of numerous packages from official registries during project initialization. Evidence: pnpm install and npm install -g pnpm in scripts/init-artifact.sh.
  • [PROMPT_INJECTION]: The skill's primary function of generating interactive artifacts from user instructions creates a surface for indirect prompt injection. Evidence: 1. Ingestion points: User instructions for artifact content entering the agent context. 2. Boundary markers: Absent. 3. Capability inventory: File-write operations and shell execution across all scripts. 4. Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 10:10 PM