artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No malicious instructions or bypass attempts were found in the skill's description or instructions.
- Command Execution (SAFE): The skill uses shell scripts to automate project setup. User-provided input (project name) is properly quoted to prevent command injection.
- Unverifiable Dependencies (SAFE): The skill installs standard, well-known, and trusted web development packages (React, Vite, Tailwind CSS, Radix UI) from the official npm registry.
- Dynamic Execution (SAFE): The setup script uses node -e for programmatic modification of local configuration files, which is a common and safe automation practice.
Audit Metadata