web-artifacts-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The initialization script scripts/init-artifact.sh is vulnerable to shell/argument injection via the project name parameter.
  - Ingestion point: Project name argument $1 (line 49).
  - Boundary markers: Absent.
  - Capability inventory: File system modification via sed (line 57), and remote code execution/installation via pnpm (lines 50, 71, etc.).
  - Sanitization: Absent; the $PROJECT_NAME variable is concatenated unquoted into the sed command string, allowing an attacker to manipulate the command or the resulting HTML file content.
- [EXTERNAL_DOWNLOADS] (LOW): The skill performs numerous remote operations to fetch dependencies and scaffold projects.
  - Evidence: Usage of pnpm create vite and extensive pnpm install calls for over 50 dependencies. Downgraded per [TRUST-SCOPE-RULE] as the source is the trusted anthropics/skills repository.
- [PRIVILEGE_ESCALATION] (MEDIUM): The initialization script modifies global system state.
  - Evidence: Line 44 of scripts/init-artifact.sh attempts npm install -g pnpm, which may require elevated permissions and affects the host environment outside the skill's local directory.
Recommendations
- AI detected serious security threats