web-artifacts-builder

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Remote Code Execution] (HIGH): The skill frequently executes remote code from the NPM registry via pnpm create vite and pnpm exec parcel. These tools fetch and run logic at runtime, which could be compromised if the agent is directed to use malicious inputs or modified project templates.
  • [Indirect Prompt Injection] (HIGH): (Category 8) The skill exhibits a high-privilege attack surface. Ingestion points: User-provided <project-name> in scripts/init-artifact.sh and general artifact requirements. Boundary markers: None. Capability inventory: Includes npm install -g, pnpm install, node -e, and pnpm exec parcel. Sanitization: Absent; the project name is interpolated directly into sed and directory operations.
  • [Unverifiable Dependencies] (MEDIUM): (Category 4) The skill extracts a local tarball (shadcn-components.tar.gz) of unknown provenance into the project's src/ directory. This bypasses package manager checks and could be used to distribute malicious component code.
  • [Privilege Escalation] (MEDIUM): The scripts/init-artifact.sh script installs pnpm globally (npm install -g pnpm), which changes the host system's global environment and may affect other processes.
  • [Dynamic Execution] (MEDIUM): The initialization script uses node -e to dynamically modify JSON configuration files. This constitutes runtime code execution that could be exploited if inputs are crafted to escape string boundaries.
  • [External Downloads] (LOW): The skill installs over 50 dependencies from NPM. While the packages are standard, the volume of external code introduces a dependency supply chain risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 10:09 PM