web-artifacts-builder
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses various shell commands to manage the development environment and build processes.
- The scripts/init-artifact.sh script attempts to install pnpm globally via npm install -g pnpm if it is not found on the system.
- It executes pnpm create vite and multiple pnpm install commands to set up the project structure and dependencies.
- The script extracts a local archive shadcn-components.tar.gz into the project's source directory.
- Inline Node.js scripts are used with node -e to programmatically modify tsconfig.json and tsconfig.app.json configuration files.
- The scripts/bundle-artifact.sh script uses parcel and html-inline to process and inline assets into a single HTML file.
- [EXTERNAL_DOWNLOADS]: The skill downloads numerous packages from the official NPM registry.
- These include core development tools such as Vite and Parcel, as well as a large set of libraries like Tailwind CSS and various Radix UI component primitives.
- These downloads are required for the skill's primary function but involve a significant number of external dependencies.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to the processing of generated code.
- Ingestion points: The skill operates on and bundles code generated by the agent within the src/ directory of the project, which is derived from user-provided prompts.
- Boundary markers: No explicit boundary markers or instructions are implemented in the shell scripts to isolate the environment from potentially malicious code patterns within the generated files.
- Capability inventory: The skill possesses the capability to execute shell commands, install global packages, and write files to the disk.
- Sanitization: There is no sanitization or verification performed on the generated code before it is bundled and presented to the user.
Audit Metadata