web-artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill installs over 50 Node.js packages from the npm registry across both init-artifact.sh and bundle-artifact.sh. While these are established libraries (Vite, Radix UI, React), the large dependency tree represents a standard supply chain risk.
- [COMMAND_EXECUTION] (LOW): The script scripts/init-artifact.sh performs a global package installation (npm install -g pnpm). While common in development environments, global installations represent a form of environment persistence/modification. The severity is lowered as this is typical for the skill's primary build-tooling purpose.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface (Category 8). The skill generates executable HTML/JS artifacts based on user-influenced content and suggests testing them via browser automation (Playwright/Puppeteer).
  - Ingestion points: scripts/init-artifact.sh takes a project name as input; the development phase involves generating code based on user prompts.
  - Boundary markers: None. The scripts do not use delimiters or sanitization when assembling the final bundle.html.
  - Capability inventory: File system modification (sed, cat, tar), dependency installation (pnpm), and code execution (node -e, parcel).
  - Sanitization: None observed. The tool relies on the integrity of the LLM's code generation.
Audit Metadata