Skills
skills/agilkannan/skills/web-artifacts-builder/Gen Agent Trust Hub

web-artifacts-builder

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs numerous well-known development dependencies (Vite, Tailwind CSS, Radix UI, Parcel) from the official NPM registry to create and bundle artifacts.
  • [COMMAND_EXECUTION]: Automated scripts (init-artifact.sh and bundle-artifact.sh) use shell commands to initialize projects, manage file structures, and execute build/bundling processes using tools like Vite and Parcel.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because the init-artifact.sh script takes a user-provided project name and uses it in shell commands and configuration file edits without sufficient validation or sanitization.
  • Ingestion points: The argument in scripts/init-artifact.sh.
  • Boundary markers: None identified.
  • Capability inventory: Shell command execution (pnpm, sed, node, tar) and file system access.
  • Sanitization: No input sanitization or validation logic found for the project name input.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 08:02 PM