artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell scripts (
init-artifact.shandbundle-artifact.sh) to manage the lifecycle of a React project. These scripts perform routine operations such as creating directories, writing configuration files for PostCSS, Tailwind, and Parcel, and executing build commands to bundle the application. - [EXTERNAL_DOWNLOADS]: The initialization and bundling scripts install numerous dependencies from the official NPM registry. These include development tools like Vite and Parcel, as well as UI libraries like Radix UI, Tailwind CSS, and shadcn/ui components. It also ensures the availability of the
pnpmpackage manager by installing it globally if it is not already present. - [SAFE]: The identified behaviors—executing build scripts and downloading industry-standard dependencies from trusted repositories—are entirely consistent with the skill's primary purpose of providing a frontend development environment. No malicious patterns or security risks were detected.
Audit Metadata