web-artifacts-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to run local shell scripts (scripts/init-artifact.sh and scripts/bundle-artifact.sh) which are not provided for analysis, constituting unverified command execution.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The installation of various npm packages (parcel, html-inline, etc.) from public registries poses a supply chain risk, as the source is not an organization explicitly listed as trusted.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The project initialization and bundling phases involve the dynamic execution of downloaded build tools and their dependencies, which effectively executes third-party code.
- [PROMPT_INJECTION] (LOW): The skill possesses an attack surface for indirect prompt injection (Category 8). Evidence: (1) Ingestion: User-provided design requirements. (2) Boundary markers: Absent. (3) Capability inventory: Shell execution and file writing. (4) Sanitization: Absent.