artifacts-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill frequently executes bash scripts (init-artifact.sh, bundle-artifact.sh) to manage the filesystem and run build processes, which can be exploited if script arguments are not properly sanitized.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The bundling process involves installing several Node.js packages (parcel, html-inline, etc.) at runtime. This introduces a supply chain risk through unversioned or malicious package dependencies.
- [REMOTE_CODE_EXECUTION] (HIGH): The workflow involves generating code from user input, building it using dynamically installed tools, and producing an executable HTML bundle. This creates a direct path for executing untrusted code within the user environment.
- [PROMPT_INJECTION] (HIGH): (Indirect Prompt Injection) Mandatory Evidence:
  1. Ingestion points: The skill takes instructions from user prompts to generate React source code.
  2. Boundary markers: There are no defined boundary markers or instructions to ignore embedded code within the generated files.
  3. Capability inventory: The skill has the ability to run shell commands, write to the filesystem, and install external software.
  4. Sanitization: There is no evidence of sanitization or sandboxing of the generated code before it is bundled and presented to the user.
Recommendations
- AI detected serious security threats
Audit Metadata