artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (SAFE): The scripts `init-artifact.sh` and `bundle-artifact.sh` install many packages from the npm registry (e.g., `vite`, `tailwindcss`, `parcel`, `radix-ui`). These are well-known libraries from a trusted registry, and the downloads are essential for the skill's primary purpose.
- Dynamic Execution (LOW): The initialization script uses `node -e` to programmatically modify `tsconfig.json` and `tsconfig.app.json`. While these are configuration changes, the use of dynamic string execution for file modification is noted.
- Indirect Prompt Injection (LOW): This skill is a code generation engine, which creates a potential surface for indirect injection if malicious instructions are embedded in the user's design requests.
  - Ingestion points: User instructions provided to the agent are used to generate React source code files.
  - Boundary markers: No explicit delimiters are used in the build scripts to separate user-originated content from the build logic.
  - Capability inventory: The skill executes shell scripts, installs software via `pnpm`, and runs a build pipeline using `parcel`.
  - Sanitization: The provided scripts do not validate the generated code; security relies on the agent's internal safety filters and the runtime sandboxing of the resulting HTML artifact.