artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on shell scripts (scripts/init-artifact.sh and scripts/bundle-artifact.sh) to automate project setup and bundling. These scripts execute multiple subprocesses including pnpm, npm, node, tar, and sed.
- [COMMAND_EXECUTION]: The initialization script scripts/init-artifact.sh attempts to install pnpm globally using npm install -g pnpm if the command is not found. This operation typically requires elevated system privileges.
- [EXTERNAL_DOWNLOADS]: The scripts download and install a large number of third-party Node.js packages from the public NPM registry using pnpm install and pnpm add.
- [COMMAND_EXECUTION]: The script scripts/init-artifact.sh extracts components from a local archive (shadcn-components.tar.gz). The content of this archive is not included in the provided files and cannot be verified for safety.
- [PROMPT_INJECTION]: The skill contains stylistic instructions in SKILL.md (e.g., avoiding "AI slop") that function as behavioral constraints for the AI agent.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection (Category 8):
  - Ingestion points: The skill processes user-provided project names and generates React code based on user requirements in scripts/init-artifact.sh.
  - Boundary markers: No explicit delimiters or instructions are used to prevent the agent from executing malicious code that might be embedded in the user's requirements for the artifact.
  - Capability inventory: The build environment provides extensive capabilities, including package management (pnpm), file system operations, and code compilation via parcel and vite.
  - Sanitization: The scripts do not perform validation or sanitization of the user-influenced content before it is built into the final HTML artifact.
Audit Metadata