web-artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes shell scripts (
init-artifact.shandbundle-artifact.sh) to automate the setup and build process of a React application. These operations are transparent and align perfectly with the skill's stated purpose. - [EXTERNAL_DOWNLOADS] (SAFE): The scripts download standard frontend dependencies (e.g., Vite, Tailwind CSS, Radix UI) from the official npm/pnpm registries. No suspicious or unverified external sources are used.
- [DYNAMIC_EXECUTION] (LOW): The initialization script uses
node -eto programmatically updatetsconfig.jsonandtsconfig.app.json. This is a common and safe practice for automating configuration changes during project setup. - [PRIVILEGE_ESCALATION] (LOW): The script attempts to install
pnpmglobally (npm install -g pnpm) if it is not present. While global installs can involve elevated permissions, this is a standard procedure for configuring a JavaScript development environment.
Audit Metadata