tools-artifacts
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
init-artifact.shandbundle-artifact.shscripts install a large number of dependencies from the public npm registry, including build tools like Vite and Parcel, styling frameworks like Tailwind CSS, and numerous UI component libraries from the Radix UI and shadcn/ui ecosystems. These resources originate from well-known organizations and are standard in modern frontend development. - [COMMAND_EXECUTION]: The initialization script performs several command-line operations to set up the environment, including global installation of the
pnpmpackage manager and project scaffolding viapnpm create vite. It also uses standard shell utilities likesedandtarto configure project files and extract local assets. - [COMMAND_EXECUTION]: The initialization script uses
node -eto execute JavaScript for programmatically updating configuration files such astsconfig.json. This is used to set up path aliases and is handled using local file system operations. - [COMMAND_EXECUTION]: The bundling script executes the
parcelbuild tool and thehtml-inlineutility to transform the React application source code into a single, standalone HTML artifact.
Audit Metadata