web-artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads numerous development dependencies from the npm registry, including Vite, Tailwind CSS, Radix UI, and Parcel. These are well-known, industry-standard packages from trusted sources.
- [COMMAND_EXECUTION]: Shell scripts are used to automate project initialization (`init-artifact.sh`) and bundling (`bundle-artifact.sh`). These scripts execute standard system commands such as `pnpm`, `tar`, `sed`, and `node` to manage files and configurations. These actions are necessary for the skill's primary function.
- [PROMPT_INJECTION]: The project initialization script is potentially vulnerable to indirect prompt injection via the project name argument.
  - Ingestion points: The `<project-name>` argument in `scripts/init-artifact.sh` is used directly in shell commands and file templates.
  - Boundary markers: The script lacks validation or sanitization for the project name input.
  - Capability inventory: The skill possesses file system access, command execution, and package installation capabilities.
  - Sanitization: Although the variable is quoted in most shell contexts, it is interpolated into a `sed` command string without escaping, which could lead to malformed files or unexpected command behavior if given adversarial input. This is noted as a best-practice violation rather than a malicious threat.