Skills
skills/claudiodearaujo/izacenter/web-artifacts-builder/Gen Agent Trust Hub

web-artifacts-builder

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts init-artifact.sh and bundle-artifact.sh install numerous official packages from the NPM registry to provide a complete React and Tailwind development environment.
  • [COMMAND_EXECUTION]: The skill executes shell scripts that manage the local filesystem and run build commands via Parcel and Vite. It also uses node -e to programmatically update project configuration files.
  • [COMMAND_EXECUTION]: The initialization script extracts a locally provided vendor resource (shadcn-components.tar.gz) containing UI components into the source directory.
  • [COMMAND_EXECUTION]: Attempts to install the pnpm package manager globally if it is not already present on the host system.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
  • Ingestion points: scripts/init-artifact.sh (project name argument).
  • Boundary markers: Absent.
  • Capability inventory: File system access, package installation, build tool execution.
  • Sanitization: Absent. The project name is used in shell commands without validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 01:16 AM