web-artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The
init-artifact.shandbundle-artifact.shscripts perform multiple installations from the NPM registry, includingpnpm,parcel,vite,tailwindcss, and various@radix-uiprimitives. This introduces a heavy reliance on the integrity of the NPM ecosystem. - COMMAND_EXECUTION (LOW): The skill executes several bash scripts that manipulate the local filesystem, extract archives, and use
node -eto dynamically modify configuration files (e.g.,tsconfig.json). These actions are transparently documented and serve the primary purpose of configuring the frontend project workspace.
Audit Metadata