artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill installs reputable frontend development packages from the npm registry (Vite, Tailwind CSS, Parcel, Radix UI). This is standard behavior for project scaffolding and bundling.
- COMMAND_EXECUTION (SAFE): Bash scripts automate local project tasks such as directory creation, configuration file generation, and building. No unauthorized or elevated commands were detected.
- DYNAMIC_EXECUTION (SAFE): Local Node.js execution is used exclusively for modifying project configuration files (tsconfig.json) using hardcoded logic.
- INDIRECT_PROMPT_INJECTION (SAFE): The tool processes user-developed source code to create artifacts. This is its intended primary purpose and the environment lacks sensitive capabilities or data access that would allow for an exploit via this ingestion surface. 1. Ingestion points: src/ directory files. 2. Boundary markers: Absent. 3. Capability inventory: Local build tools. 4. Sanitization: Standard configuration management.
Audit Metadata