web-artifacts-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to execute local shell scripts (`scripts/init-artifact.sh` and `scripts/bundle-artifact.sh`) which are not included in the provided source files. This prevents auditing of the commands being run on the host system.
- [EXTERNAL_DOWNLOADS] (HIGH): The bundling process explicitly triggers the installation of several Node.js packages (`parcel`, `@parcel/config-default`, `parcel-resolver-tspaths`, `html-inline`) from external registries at runtime. This introduces risks of dependency confusion or compromised package versions.
- [REMOTE_CODE_EXECUTION] (HIGH): The combination of shell script execution and runtime package installation allows for arbitrary code execution. If the missing scripts or the fetched packages are malicious, the host environment could be fully compromised.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill's primary purpose is to process and bundle code into HTML artifacts. If the code being processed includes untrusted data from a conversation without strict sanitization, it could lead to XSS or malicious payload injection within the generated artifact, which is then presented to the user.
Recommendations
- AI detected serious security threats
Audit Metadata