web-artifacts-builder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [Unverifiable Dependencies] (MEDIUM): The skill's bundling process installs npm packages like parcel and html-inline at runtime. While these are common tools, runtime installation without a lockfile or checksum verification in the skill documentation poses a supply chain risk.
  • [Command Execution] (HIGH): The core functionality relies on running local bash scripts (init-artifact.sh, bundle-artifact.sh) which are not provided for inspection. These scripts have broad capabilities to modify the file system and install software.
  • [Indirect Prompt Injection] (HIGH): The skill lacks sanitization and boundary markers for user-provided requirements that are used to generate React code. Evidence Chain:
    1. Ingestion points: User instructions for artifact features (SKILL.md).
    2. Boundary markers: Absent.
    3. Capability inventory: bash execution, npm installation, and file writes via Vite/Parcel (scripts/bundle-artifact.sh).
    4. Sanitization: Absent.
    An attacker could provide requirements that result in the generation of malicious code.
  • [Dynamic Execution] (MEDIUM): The tool is designed to compile and bundle code at runtime using Parcel. This mechanism can be exploited to execute injected malicious logic within the agent's environment or the user's browser.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:58 PM