artifacts-builder

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The script scripts/init-artifact.sh performs global system modifications by running npm install -g pnpm if the package manager is not found. This modifies the user's global environment.
  • [COMMAND_EXECUTION] (MEDIUM): Extensive use of shell scripts to dynamically generate and modify configuration files (e.g., postcss.config.js, tailwind.config.js, tsconfig.json) using heredocs and node -e execution. While typical for scaffolding, this level of system interaction requires a trusted environment.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill triggers the installation of over 50 external Node.js packages from the npm registry during project initialization and bundling. Many of these are installed without pinned versions or integrity hashes.
  • [UNVERIFIABLE_DEPENDENCIES] (MEDIUM): The init-artifact.sh script extracts a local tarball shadcn-components.tar.gz. The contents of this archive are not visible in the source and could contain arbitrary code or assets that are automatically integrated into the project.
  • [DYNAMIC_EXECUTION] (LOW): Uses node -e to execute inline JavaScript strings for the purpose of manipulating JSON configuration files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 04:55 PM