artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill installs numerous legitimate frontend packages from the npm registry, including Vite, Tailwind CSS, Parcel, and Radix UI components. These downloads are necessary for the skill's stated purpose of building web artifacts.
- COMMAND_EXECUTION (SAFE): The provided scripts (init-artifact.sh, bundle-artifact.sh) automate project setup and bundling using standard shell commands and Node.js for configuration file management. The operations are transparent and consistent with a development environment.
- PROMPT_INJECTION (SAFE): The documentation contains styling and design guidelines to improve output quality but does not attempt to bypass safety filters or override agent instructions.
- DATA_EXFILTRATION (SAFE): The skill does not access sensitive local paths or perform unauthorized network requests.
Audit Metadata