web-artifacts-builder

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill executes multiple bash scripts (scripts/init-artifact.sh, scripts/bundle-artifact.sh) and uses node -e to dynamically run JavaScript for modifying configuration files. It also attempts a global installation of pnpm via npm install -g, which impacts the global system environment.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill downloads and installs over 50 Node.js packages from the npm registry. While these are standard libraries, many are not pinned to specific versions, increasing exposure to supply chain vulnerabilities and potential malicious package versions.
  • DYNAMIC_EXECUTION (MEDIUM): In scripts/init-artifact.sh, Node.js is used to execute code strings for JSON manipulation of tsconfig.json. The skill's primary purpose is to generate and bundle executable web artifacts (HTML/JS) which are later presented to users for browser execution.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill processes user or agent-generated source code to create a single HTML file artifact. This creates an attack surface where malicious code injected into the source files could be executed in a browser context. Evidence:
      • Ingestion points: scripts/bundle-artifact.sh processes index.html and project source files.
      • Boundary markers: Absent; the bundler does not validate or sanitize source content against injection attacks.
      • Capability inventory: Uses parcel and html-inline to generate a self-contained executable HTML file.
      • Sanitization: None detected.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:33 PM