artifacts-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- External Downloads (HIGH): The scripts/bundle-artifact.sh script is documented to install several Node.js packages at runtime, including parcel, @parcel/config-default, parcel-resolver-tspaths, and html-inline. This introduces supply chain risks by downloading and executing third-party code.
- Command Execution (HIGH): The skill requires the execution of powerful local shell scripts (init-artifact.sh, bundle-artifact.sh) to perform file system operations and trigger build processes.
- Remote Code Execution (HIGH): The skill implements a build pipeline (Vite/Parcel) that processes code generated by the agent. If an attacker influences the agent's output through malicious prompts, they can inject code that is executed with the privileges of the build tool.
- Indirect Prompt Injection (HIGH): (Category 8)
  - Ingestion points: User requirements used to generate the artifact source code.
  - Boundary markers: No delimiters or ignore instructions are present to prevent the agent from obeying instructions embedded in the user input.
  - Capability inventory: The skill has the capability to write files and execute shell scripts that trigger build tools.
  - Sanitization: No sanitization of user-provided content is performed before interpolating it into the project files.
Recommendations
- AI detected serious security threats
Audit Metadata