artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on shell scripts (
scripts/init-artifact.shandscripts/bundle-artifact.sh) to automate project scaffolding, environment configuration, and asset bundling. - [EXTERNAL_DOWNLOADS]: Both scripts use
npmandpnpmto download a wide range of standard, well-known frontend development packages from the public NPM registry, including Vite, Tailwind CSS, and Radix UI libraries. - [COMMAND_EXECUTION]: The
init-artifact.shscript executes inline Node.js code (node -e) to programmatically update project configuration files liketsconfig.jsonduring the setup process. - [COMMAND_EXECUTION]: The initialization script extracts a local tarball archive (
shadcn-components.tar.gz) to prepopulate the project with UI components. - [COMMAND_EXECUTION]:
scripts/init-artifact.shincludes a check for thepnpmpackage manager and attempts to install it globally usingnpm install -g pnpmif it is not present.
Audit Metadata