web-artifacts-builder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION | COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The scripts init-artifact.sh and bundle-artifact.sh download and install a comprehensive list of frontend development packages from the NPM registry. While the packages (Vite, Radix UI, Tailwind, etc.) are widely used and reputable, the sheer volume of automated external dependencies should be noted as an inherent risk.
  • [REMOTE_CODE_EXECUTION] (LOW): The skill executes code from external sources via pnpm install, npm install -g pnpm, and pnpm exec. These commands download and run binaries and scripts from the internet to perform build tasks.
  • [COMMAND_EXECUTION] (LOW): The init-artifact.sh script uses node -e to dynamically modify configuration files like tsconfig.json. This involves executing JavaScript code strings passed via the command line; however, the code is hardcoded in the script and performs benign JSON transformations.
  • [EXTERNAL_DOWNLOADS] (LOW): The init-artifact.sh script attempts to globally install pnpm via npm install -g pnpm if it is not found on the system. While this is a common utility installation, global package modifications are generally a minor security concern in multi-user environments.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:22 PM