web-artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The scripts
init-artifact.shandbundle-artifact.shdownload and install various frontend development dependencies from the public npm registry usingnpmandpnpm. Since the author (Anthropic) and repository (anthropics/skills) are trusted, these operations are considered safe and are appropriate for building web applications. - [COMMAND_EXECUTION] (SAFE): The skill automates the project lifecycle through bash scripts that perform standard development tasks such as project initialization, dependency management, and production bundling. These commands are necessary for the skill's function and present no security risk within the context of a development environment.
- [DYNAMIC_EXECUTION] (SAFE): During project setup, the initialization script dynamically generates configuration files (e.g.,
tailwind.config.js,tsconfig.json) to set up the build environment. This behavior is standard for scaffolding tools and does not involve the execution of untrusted external code.
Audit Metadata