web-artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE [EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION]
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill installs numerous frontend dependencies from the npm registry (e.g., vite, tailwindcss, radix-ui). These are standard packages for the stated purpose. Per the TRUST-SCOPE-RULE, as the author is 'anthropic' and the source is 'github.com/anthropics/skills', these downloads are considered safe within the context of the skill's primary function.
- [COMMAND_EXECUTION] (SAFE): The skill executes shell scripts to automate project scaffolding and bundling. These commands (pnpm install, parcel build) are appropriate for a web development toolkit and do not show signs of malicious intent.
- [PRIVILEGE_ESCALATION] (LOW): The script attempts to install `pnpm` globally using `npm install -g`. While this modifies the system environment, it is expected behavior for a tool designed to set up a development environment.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external code files created or edited by the agent/user to generate a final bundle. This is an inherent property of a build tool. No evidence of malicious interpolation or lack of sanitization beyond the nature of a developer tool was found.
  - Ingestion points: User-provided project name and edited source files in the generated React project.
  - Boundary markers: Standard project structure is used; no explicit LLM-specific boundary markers are present in the scripts.
  - Capability inventory: Shell execution, file write, network access via package managers.
  - Sanitization: Not applicable as the tool's purpose is to compile and bundle code as provided.
Audit Metadata