artifacts-builder
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/init-artifact.sh` script is vulnerable to shell command injection. The first argument passed to the script, `$PROJECT_NAME`, is used directly in multiple shell commands without sanitization or proper quoting.
  - Evidence in `scripts/init-artifact.sh` (line 72): `pnpm create vite "$PROJECT_NAME" --template react-ts`. While the variable is double-quoted, an attacker could provide a name starting with a hyphen to inject command-line flags.
  - Evidence in `scripts/init-artifact.sh` (line 78): `$SED_INPLACE 's/<title>.*<\/title>/<title>'"$PROJECT_NAME"'<\/title>/' index.html`. The variable is inserted between single-quoted strings, allowing for shell metacharacter injection if the project name contains backticks, semicolons, or other command separators.
- [EXTERNAL_DOWNLOADS]: The skill's scripts perform extensive automated downloads and installations of Node.js packages at runtime.
  - Evidence in `scripts/init-artifact.sh`: Installs `pnpm` globally via `npm`, then uses `pnpm` to install `vite`, `tailwindcss`, `radix-ui` components, and over 40 other frontend dependencies.
  - Evidence in `scripts/bundle-artifact.sh`: Dynamically installs `parcel`, `@parcel/config-default`, `parcel-resolver-tspaths`, and `html-inline` every time a bundle is created.
- [REMOTE_CODE_EXECUTION]: The skill executes code downloaded from the internet during its initialization and bundling phases using `pnpm exec` and `pnpm create`.
  - Evidence in `scripts/bundle-artifact.sh`: Executes `parcel` and `html-inline` directly from the downloaded `node_modules`.
- [NO_CODE]: The skill relies on an opaque local archive `scripts/shadcn-components.tar.gz` which is extracted into the project source at runtime. The contents of this archive are not visible in the skill's source files, representing unverified code being introduced to the user's environment.
Recommendations
- AI detected serious security threats