web-artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The scripts `init-artifact.sh` and `bundle-artifact.sh` execute various system commands including `tar`, `sed`, and package manager operations to manage the project lifecycle and extract local component archives.
- [EXTERNAL_DOWNLOADS]: The skill downloads a large number of standard frontend development packages and tools (such as pnpm, vite, and radix-ui components) from the public npm registry during project initialization and bundling.
- [REMOTE_CODE_EXECUTION]: The initialization script utilizes `node -e` to programmatically modify configuration files like `tsconfig.json` to inject path aliases.
- [PROMPT_INJECTION]: The skill functions as a builder tool for external code, creating a surface for indirect prompt injection.
  - Ingestion points: User-provided or agent-generated React source code and project metadata in `scripts/init-artifact.sh`.
  - Boundary markers: Absent; the bundling process does not employ delimiters or security warnings to prevent the execution of instructions embedded within the source files.
  - Capability inventory: The skill has extensive filesystem access and the ability to execute subprocesses via `pnpm` and `parcel` build commands.
  - Sanitization: No sanitization or safety validation is performed on the source code before it is passed to the build and inlining tools.
Audit Metadata