web-artifacts-builder

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to execute shell scripts included in the skill package (scripts/init-artifact.sh and scripts/bundle-artifact.sh) to set up projects and bundle code into a single file.
  • [EXTERNAL_DOWNLOADS]: The bundling process triggers the installation of several well-known Node.js packages from the npm registry, such as parcel, @parcel/config-default, parcel-resolver-tspaths, and html-inline.
  • [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection because it generates code based on user requirements. This code is then bundled and displayed to the user, creating an opportunity for malicious instructions in the user's request to be executed within the artifact's environment.
      * Ingestion points: User-provided instructions for artifact functionality in Step 2.
      * Boundary markers: No delimiters or warnings are specified for the code generation process.
      * Capability inventory: Execution of local scripts (bash) and external package management (npm).
      * Sanitization: The skill does not describe any sanitization or validation of the code generated from user input.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 10, 2026, 03:18 AM