artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes local bash scripts (
scripts/init-artifact.shandscripts/bundle-artifact.sh) to manage the project lifecycle. These are standard operational commands for a development-oriented skill. - [EXTERNAL_DOWNLOADS] (SAFE): The bundling process triggers the installation of common, reputable frontend dependencies (Parcel, Vite, React) from the NPM registry. These are well-known tools in the web development ecosystem.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill involves processing code artifacts developed by the user/agent. While this represents an ingestion of external data, the risk is minimal as the processing is confined to a standard build-and-bundle pipeline without sensitive data access.
Audit Metadata