artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill utilizes shell scripts (
init-artifact.sh,bundle-artifact.sh) to automate project scaffolding and bundling. These scripts perform routine development tasks like directory management, file manipulation viased, and calling package managers. - EXTERNAL_DOWNLOADS (SAFE): The skill installs numerous standard frontend development packages from the official NPM registry using
npmandpnpm. All identified packages are well-known libraries (e.g., React, Tailwind, Radix UI) necessary for the stated purpose of building UI artifacts. - DATA_EXFILTRATION (SAFE): There are no network requests directed at untrusted domains, and the scripts do not access sensitive file paths or environment variables.
- DYNAMIC_EXECUTION (SAFE): The initialization script uses Node.js (
node -e) to programmatically update TypeScript configuration files. This is a secure, localized operation to ensure correct project paths and does not involve executing untrusted strings or remote code.
Audit Metadata