web-artifacts-builder

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The scripts scripts/init-artifact.sh and scripts/bundle-artifact.sh download and install a large number of packages from the NPM registry. Evidence: npm install -g pnpm, pnpm install, and pnpm add -D parcel.
  • COMMAND_EXECUTION (MEDIUM): The skill executes multiple shell commands to set up the environment, extract component files, and modify configuration. Evidence: tar -xzf $COMPONENTS_TARBALL -C src/ in scripts/init-artifact.sh and various sed operations.
  • REMOTE_CODE_EXECUTION (MEDIUM): The script scripts/bundle-artifact.sh uses pnpm exec to run downloaded tools like parcel and html-inline, which constitutes execution of code retrieved from a remote registry.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill handles code developed within the agent context for artifact generation without specific sanitization. Evidence Chain:
      1. Ingestion points: Source code files generated and edited in Step 2.
      2. Boundary markers: Absent.
      3. Capability inventory: Shell command execution, file system access, and package installation.
      4. Sanitization: Absent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:23 PM