artifacts-builder

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION
Full Analysis
  • [Unverifiable Dependencies] (MEDIUM): The init-artifact.sh and bundle-artifact.sh scripts install a large number of packages from the npm registry (Vite, Tailwind, Parcel, and Radix UI components) without strict version pinning for many dependencies. This creates a supply chain risk where malicious package versions could be introduced at runtime.
  • [Privilege Escalation] (MEDIUM): init-artifact.sh attempts to install pnpm globally using npm install -g pnpm. Global installations often require elevated privileges and can modify the host system's global state or pre-existing binaries.
  • [Dynamic Execution] (MEDIUM): The initialization script uses node -e to execute JavaScript strings for dynamically parsing and modifying tsconfig.json and tsconfig.app.json. This pattern of runtime code execution is a common vector for exploitation if the targeted files or inputs are manipulated.
  • [Command Execution] (LOW): The scripts perform extensive shell operations including directory navigation, file deletion (rm -rf), and archive extraction (tar -xzf).
  • [Indirect Prompt Injection] (LOW): Evidence Chain:
      1. Ingestion point: PROJECT_NAME parameter in init-artifact.sh.
      2. Boundary markers: Quoting is used in shell commands, but no explicit validation or delimiters are present to prevent the project name from containing embedded instructions.
      3. Capability inventory: File system writes, global package installation, and dynamic JS execution via Node.
      4. Sanitization: Minimal (shell quoting only).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:01 PM