skills/sebas-aikon-intelligence/antigravity-awesome-skills/web-artifacts-builder/Gen Agent Trust Hub
web-artifacts-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The script 'scripts/init-artifact.sh' executes 'npm install -g pnpm' to modify the global system state. This represents an unauthorized privilege escalation of the installation scope, affecting the host environment beyond the skill's directory.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Multiple scripts perform extensive 'pnpm install' operations, downloading over 50 dependencies from the public NPM registry at runtime. This introduces a heavy reliance on external sources and a broad attack surface for supply chain compromises.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The 'scripts/init-artifact.sh' script uses 'pnpm create vite', which downloads and executes a remote project initialization package from the internet.
- [COMMAND_EXECUTION] (MEDIUM): 'scripts/bundle-artifact.sh' executes project-local binaries like Parcel and html-inline via 'pnpm exec' to build and inline assets, involving multiple subprocess calls to externally managed code.
Recommendations
- AI detected serious security threats
Audit Metadata