web-artifacts-builder
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The script `scripts/init-artifact.sh` attempts to install `pnpm` globally using `npm install -g pnpm` if it is not found. This constitutes a privilege escalation attempt by modifying the system-wide environment and binaries.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill installs over 50 dependencies from the public npm registry during initialization and bundling. While these are common libraries (React, Tailwind, Radix UI), the sheer volume and the automated nature of the installation represent a significant supply chain risk.
- REMOTE_CODE_EXECUTION (MEDIUM): The script `scripts/init-artifact.sh` uses `node -e` to execute dynamic JavaScript snippets for modifying `tsconfig.json` files. Additionally, the bundling process via Parcel involves executing complex build-time logic which can be exploited if project files are compromised.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8).
  - Ingestion points: The script `scripts/init-artifact.sh` accepts a user-controlled project name, and `scripts/bundle-artifact.sh` processes local files like `index.html`.
  - Boundary markers: None present to distinguish between instructions and data.
  - Capability inventory: The skill can execute shell commands, install packages, and perform file system operations.
  - Sanitization: No sanitization or validation is performed on the project name or the content of the files being bundled.
Recommendations
- AI detected serious security threats
Audit Metadata