NYC

artifacts-builder

Warn

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: MEDIUM

Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • External Downloads (MEDIUM): The skill installs numerous Node.js packages from the npm registry, including an unverifiable library, @agenticindiedev/ui, and several build tools. These dependencies do not come from the trusted organizations specified in the security policy.
  • Remote Code Execution (MEDIUM): The scripts/init-artifact.sh file executes pnpm create vite, which fetches and runs a remote project initializer from the npm registry. This is a form of runtime remote code execution.
  • Command Execution (MEDIUM): The scripts execute shell commands that modify system state, specifically installing a global package (npm install -g pnpm). They also use node -e to execute JavaScript code passed as a string in order to manipulate configuration files.
  • Prompt Injection (MEDIUM): The skill presents a surface for indirect prompt injection:
    1. Ingestion points: user or external data used to define the artifact's content in scripts/init-artifact.sh and during subsequent development;
    2. Boundary markers: absent;
    3. Capability inventory: full filesystem write, command execution via pnpm, and bundling of arbitrary JS/HTML in scripts/bundle-artifact.sh;
    4. Sanitization: absent.
    Malicious instructions could be bundled into the final artifact, leading to XSS or other client-side attacks when the artifact is rendered for a user.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 15, 2026, 10:55 PM