artifacts-builder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill automates a project lifecycle where user-driven prompts influence the creation of configuration and source files. These files are then processed by high-capability build tools.
      * Ingestion points: init-artifact.sh and bundle-artifact.sh operate on package.json, component source code, and configuration files generated by the agent based on user input.
      * Boundary markers: None found. No delimiters or instruction barriers are used to isolate untrusted user data.
      * Capability inventory: pnpm install, pnpm build, and pnpm exec provide pathways for arbitrary code execution via lifecycle scripts (e.g., preinstall, postinstall) or configuration hooks.
      * Sanitization: The skill performs no validation or sanitization of the generated project files before execution.
  • Command Execution (HIGH): The init-artifact.sh script performs a global software installation (npm install -g pnpm) which modifies the global environment. Additionally, it uses dynamic Node.js execution (node -e) to modify configuration files, which can be a vector for exploitation if the inputs are manipulated.
  • External Downloads (MEDIUM): The skill orchestrates the installation of over 50 external dependencies from the npm registry. While these appear to be standard frontend libraries, the lack of complete version pinning and the massive volume of external code significantly increase supply chain risks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:38 PM