web-artifacts-builder
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The scripts `init-artifact.sh` and `bundle-artifact.sh` download and install numerous packages from the NPM registry at runtime, including `vite`, `parcel`, and various `@radix-ui` components. While these are standard tools, the unpinned nature of some dependencies and runtime installation pose a supply chain risk.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies heavily on shell scripts to orchestrate the build process. It uses `node -e` in `init-artifact.sh` to dynamically execute JavaScript for patching `tsconfig.json` and `tsconfig.app.json`. This pattern of runtime code generation and execution is a security concern if the input data were to be compromised.
- [PRIVILEGE_ESCALATION] (MEDIUM): The `init-artifact.sh` script attempts to perform a global installation of `pnpm` (`npm install -g pnpm`) if it is not detected. Modifying the global system environment is a high-impact action that typically requires elevated permissions.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill has an attack surface where untrusted data (the project name) is interpolated into shell commands.
  - Ingestion points: `scripts/init-artifact.sh` (argument `$1`).
  - Boundary markers: None present.
  - Capability inventory: Subprocess calls (`pnpm create`, `pnpm install`), file writes (`cat > ...`), and directory navigation.
  - Sanitization: None detected for the project name input.