artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple bash scripts (`init-artifact.sh`, `bundle-artifact.sh`) to automate environment setup, configuration patching, and bundling processes.
- [COMMAND_EXECUTION]: Modifies system state by attempting to install `pnpm` globally using `npm install -g pnpm` if it is not already present.
- [COMMAND_EXECUTION]: Uses `node -e` for dynamic JavaScript execution to programmatically modify configuration files like `tsconfig.json` and `tsconfig.app.json` during initialization.
- [COMMAND_EXECUTION]: References and extracts a local archive file (`shadcn-components.tar.gz`) into the source directory. This file is not included in the provided source code, rendering its contents unverifiable.
- [EXTERNAL_DOWNLOADS]: Fetches a large number of dependencies from the public NPM registry, including React, Vite, Tailwind CSS, and various UI component libraries. These are documented as originating from well-known sources.
- [REMOTE_CODE_EXECUTION]: Executes `pnpm create vite`, which downloads and runs a remote template script to bootstrap the project structure.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8):
  - Ingestion points: Untrusted input enters the skill via the `PROJECT_NAME` argument in `init-artifact.sh` and through the developer's manual code edits during development.
  - Boundary markers: There are no boundary markers or instructions to ignore embedded commands in the processed data.
  - Capability inventory: The skill possesses significant capabilities including subprocess execution (`pnpm`, `sed`, `tar`, `node`), file-system write access, and network operations.
  - Sanitization: No validation or sanitization is performed on the project inputs before they are incorporated into the build process.