artifacts-builder

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill uses shell scripts (init-artifact.sh, bundle-artifact.sh) for environment setup, project creation, and asset bundling. These scripts run a wide range of commands, including file-system operations and invocations of external tools.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): A large number of Node.js packages are downloaded from the npm registry during project initialization and bundling. This relies on the security of the public npm infrastructure and on the integrity of third-party maintainers.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): Tools such as pnpm create and pnpm install fetch and execute remote code and scripts. The parcel bundler and the html-inline utility also run during the build, processing potentially complex dependency graphs.
  • [DYNAMIC_EXECUTION] (MEDIUM): init-artifact.sh executes JavaScript at runtime via node -e to programmatically update tsconfig.json and tsconfig.app.json. The code is defined statically in the script, but this pattern of runtime code execution becomes an exploitation vector if any input that reaches it is attacker-controlled.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it accepts a user-provided project name that is then used as a parameter in shell commands.
  • Ingestion points: the <project-name> argument to scripts/init-artifact.sh.
  • Boundary markers: none; the variable is interpolated directly into command strings.
  • Capability inventory: the script can write to the filesystem, install packages, and execute Node.js code.
  • Sanitization: no input validation or sanitization is performed on the project name before it is used in pnpm create vite "$PROJECT_NAME". The double quotes prevent the shell from word-splitting or globbing the value, but the unchanged string is still passed to pnpm as an argument, so a name beginning with a hyphen or containing path separators reaches the tool unfiltered.
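The sanitization gap above, as an added example that is not code from the artifacts-builder skill or from the audit: a POSIX sh allowlist check for the project name, plus a dry-run wrapper that refuses to build the generator command for a rejected name. The policy (a lowercase letter first, then lowercase letters, digits or hyphens, at most 64 bytes) and the function names validate_project_name, init_project and demo are assumptions of this example; the wrapper echoes the pnpm command rather than running it, so nothing is installed.

```shell
#!/bin/sh
# Added example, not code from the artifacts-builder skill: an allowlist
# check for the <project-name> argument before it is handed to
# `pnpm create vite "$PROJECT_NAME"`. The quotes in that command stop the
# shell from word-splitting the value, but they do not stop a name such as
# "--template" from being parsed as an option by the tool, or "../x" from
# escaping the working directory; rejecting such names up front does.

# validate_project_name NAME
# Exit status 0 if NAME is safe to use as a project name, 1 otherwise.
# Policy (an assumption of this example, not the skill's): 1 to 64 bytes,
# first byte a lowercase ASCII letter, remaining bytes lowercase ASCII
# letters, digits or hyphens. The bracket expressions list the characters
# literally so the check does not depend on the current locale.
validate_project_name() {
  _name=$1
  [ -n "$_name" ] || return 1
  [ "${#_name}" -le 64 ] || return 1
  case "$_name" in
    [!abcdefghijklmnopqrstuvwxyz]*) return 1 ;;            # first byte not a letter: "-opt", ".hidden", "../x"
    *[!abcdefghijklmnopqrstuvwxyz0123456789-]*) return 1 ;; # any byte outside the allowlist: space, ';', '/', '$', newline
  esac
  return 0
}

# init_project NAME
# Builds the generator command only for a validated name. This example
# prints the command (a dry run) instead of executing it; a real script
# would replace `echo` with the invocation itself.
init_project() {
  if ! validate_project_name "$1"; then
    printf 'init_project: rejected project name: %s\n' "$1" >&2
    return 2
  fi
  echo pnpm create vite "$1"
}

# demo
# Exit status 0 when the accepted and rejected cases behave as intended:
# one well-formed name is turned into a command, three hostile names are
# refused before any command string is built.
demo() {
  [ "$(init_project demo)" = "pnpm create vite demo" ] || return 1
  ! init_project '--template' 2>/dev/null || return 1      # option injection
  ! init_project 'demo; rm -rf /' 2>/dev/null || return 1  # shell metacharacters
  ! init_project '../outside' 2>/dev/null || return 1      # path traversal
}
```

Run `demo` from an interactive shell after sourcing the file; it prints the one accepted command and returns 0. The check is deliberately an allowlist rather than a blocklist of metacharacters, because the argument is consumed by pnpm and later by the bundler, and only an allowlist covers option-looking and path-looking names as well as shell syntax.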
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:30 PM