artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill utilizes bash scripts (
init-artifact.sh,bundle-artifact.sh) to automate project setup and bundling. The commands include standard file system operations, package management, and build execution which are appropriate for its stated purpose. - EXTERNAL_DOWNLOADS (SAFE): Dependencies are retrieved from the official npm registry using
pnpmandnpm. These include well-known libraries such as Vite, Tailwind CSS, Lucide React, and Radix UI components. - PROMPT_INJECTION (SAFE): The markdown instructions contain natural language guidance for the AI agent (e.g., avoiding 'AI slop' and layout tips) which do not attempt to bypass safety filters or override core agent behavior.
- DYNAMIC_EXECUTION (SAFE): One-liner Node.js scripts (
node -e) are used to programmatically update configuration files liketsconfig.json. This is a common and safe practice for automated project initialization. - DATA_EXFILTRATION (SAFE): No network requests to non-whitelisted or suspicious domains were detected. Network operations are limited to standard package installations.
Audit Metadata