web-artifacts-builder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill documentation explicitly instructs the agent to run scripts/init-artifact.sh and scripts/bundle-artifact.sh. These scripts perform automated installations of a large frontend stack, including React, Vite, and Parcel. The content of these scripts is not provided, making the download and installation process unverifiable.
  • REMOTE_CODE_EXECUTION (HIGH): Running the bundling and initialization scripts constitutes the execution of code that interacts with external registries (NPM). If these scripts or the registries are compromised, it leads to RCE on the agent host system.
  • COMMAND_EXECUTION (HIGH): The reliance on bash scripts for core functionality provides a direct mechanism for executing arbitrary commands. Without strict validation of parameters passed to these scripts (e.g., project name), there is a significant risk of command injection.
  • PROMPT_INJECTION (HIGH): As a tool designed to generate complex frontend applications based on user input, this skill is highly vulnerable to Indirect Prompt Injection (Category 8). An attacker could provide requirements that cause the agent to generate a 'bundled' HTML artifact containing malicious JavaScript which is then executed in the victim's browser context.
    [Category 8 Evidence Chain]
    1. Ingestion points: User-provided specifications for the artifact features and UI.
    2. Boundary markers: None identified; the skill does not specify how to separate user instructions from generation logic.
    3. Capability inventory: File system access, shell execution, and network access for package installation.
    4. Sanitization: No evidence of sanitization for user-generated content before it is bundled into the final HTML output.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:14 PM