Skills
skills/arcaneorion/alice-single/artifacts-builder/Gen Agent Trust Hub

artifacts-builder

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill performs extensive downloads and installations from the public NPM registry at runtime.
  • scripts/init-artifact.sh attempts to install pnpm globally (npm install -g pnpm) if not found, which modifies the global system environment.
  • scripts/bundle-artifact.sh installs multiple development dependencies (parcel, html-inline) every time the bundling process is initiated.
  • [COMMAND_EXECUTION] (MEDIUM): The skill relies on shell scripts for complex environment setup and file manipulation.
  • It uses node -e to execute inline JavaScript for programmatically modifying tsconfig.json files.
  • It extracts a local archive (shadcn-components.tar.gz) into the source directory using tar -xzf.
  • [CREDENTIALS_UNSAFE] (SAFE): No hardcoded secrets, API keys, or sensitive local file path access (like SSH keys or .env files) were detected in the provided files.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 01:34 PM