artifacts-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill executes bash scripts/init-artifact.sh and bash scripts/bundle-artifact.sh. These scripts are not included in the provided documentation, making their internal behavior opaque and unverifiable. Execution of unknown shell scripts poses a significant risk of arbitrary code execution or system compromise.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The bundle-artifact.sh script is documented to install several Node.js packages at runtime (parcel, html-inline, etc.). Dynamic installation of dependencies from external registries without strict version pinning or integrity checks (SRI) is a supply chain risk.
- [PROMPT_INJECTION] (HIGH): This skill represents a high-risk surface for indirect prompt injection (Category 8).
  - Ingestion points: The user-provided <project-name> and the React code generated/edited by the agent (which may be influenced by untrusted user prompts).
  - Boundary markers: None are specified for the script inputs or the bundling process.
  - Capability inventory: The skill possesses shell execution capabilities, file system write access, and network access for dependency installation.
  - Sanitization: There is no evidence of sanitization for the project name argument (susceptible to command injection) or the generated HTML content. An attacker could inject malicious JavaScript into the bundled artifact to exfiltrate session data or perform actions on behalf of the user when the artifact is viewed.
- [REMOTE_CODE_EXECUTION] (MEDIUM): By installing and executing external packages (Parcel) to bundle user-influenced code, the skill performs runtime code assembly and execution of third-party logic.
Recommendations
- AI detected serious security threats
Audit Metadata