web-artifacts-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill requires the execution of scripts/init-artifact.sh and scripts/bundle-artifact.sh. The contents of these scripts are not provided in the source file, making them opaque and unverifiable. They have the capability to perform arbitrary system operations.
- REMOTE_CODE_EXECUTION (HIGH): According to the documentation, scripts/bundle-artifact.sh installs multiple Node.js packages at runtime (e.g., parcel, html-inline). Executing unpinned or dynamically installed dependencies from a script with unknown logic is a high-risk pattern for supply chain attacks.
- INDIRECT PROMPT INJECTION (HIGH): The skill's workflow involves taking user-influenced React/TypeScript code and bundling it into a single HTML file. This represents a significant injection surface where malicious code provided by a user (e.g., to steal cookies or session data) could be bundled and then executed when the agent 'displays the artifact' to the user or another agent. No sanitization or boundary markers are mentioned.
- DYNAMIC EXECUTION (MEDIUM): The skill involves generating, compiling, and bundling code at runtime. While this is the stated purpose, the lack of control over the inputs and the use of external build tools (Vite, Parcel) increase the risk of malicious code being incorporated into the final executable artifact.
Recommendations
- AI detected serious security threats
Audit Metadata