artifacts-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The `bundle-artifact.sh` script automatically installs several packages (`parcel`, `@parcel/config-default`, `parcel-resolver-tspaths`, `html-inline`) using `pnpm add -D`. These dependencies are fetched from the public NPM registry at runtime without version pinning, which introduces a supply chain risk where a compromised package version could execute malicious code during the build process.
- COMMAND_EXECUTION (MEDIUM): The skill facilitates the execution of shell scripts that modify the file system and install software. Specifically, `bundle-artifact.sh` uses `cat` to overwrite `.parcelrc`, `rm -rf` to delete directories, and `pnpm exec` to run local binaries. There is a risk of command injection if the user-provided `<project-name>` or `THEME_COLOR` variables contain shell metacharacters (e.g., `;`, `&&`), as they are passed directly to the shell in `SKILL.md` instructions.
- INDIRECT_PROMPT_INJECTION (LOW): The skill has a surface for indirect injection by processing user-controlled project names and theme colors into shell execution paths.
  - Ingestion points: User-provided `<project-name>` and `THEME_COLOR` variables in `SKILL.md` Step 1.
  - Boundary markers: Absent; inputs are interpolated directly into shell command strings.
  - Capability inventory: The script `bundle-artifact.sh` possesses capabilities for file deletion (`rm`), file writing (`cat`), and package execution (`pnpm exec`).
  - Sanitization: No sanitization logic is present in the provided shell script to escape or validate the project name or theme color before execution.
- DATA_EXPOSURE (SAFE): No patterns of sensitive file access (like SSH keys or AWS credentials) or exfiltration to external domains were found.
Audit Metadata