The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (MEDIUM): The skill performs extensive installation of external dependencies from the npm registry.
scripts/init-artifact.sh installs pnpm globally and over 50 frontend development packages (React, Tailwind, Radix UI, etc.).
scripts/bundle-artifact.sh installs parcel, html-inline, and other bundling tools at runtime.
[COMMAND_EXECUTION] (MEDIUM): Complex shell scripts execute multiple system-level commands.
scripts/init-artifact.sh performs global software installation (npm install -g pnpm) and extracts a local archive (shadcn-components.tar.gz).
scripts/bundle-artifact.sh executes build processes and file system modifications.
[DYNAMIC_EXECUTION] (MEDIUM): The skill uses dynamic code execution to modify configuration files.
scripts/init-artifact.sh uses node -e to execute JavaScript strings for programmatically updating tsconfig.json and tsconfig.app.json.
[INDIRECT_PROMPT_INJECTION] (LOW): The skill has a vulnerability surface for indirect injection since it processes user-provided content into executable web artifacts.
Ingestion points: User instructions described in SKILL.md are transformed into React code.
Boundary markers: None are implemented in the provided scripts to distinguish instructions from data.
Capability inventory: File system access, network downloads (via pnpm), and subprocess execution.
Sanitization: No sanitization or validation of the generated artifact content is visible in the provided infrastructure scripts.

artifacts-builder