artifacts-builder
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly susceptible to indirect prompt injection. It takes instructions to develop and bundle React applications. A malicious instruction set can lead to the creation of artifacts containing XSS or other web-based exploits that execute when the user views the result. Ingestion points include the project name and the code development phase. Capability includes automated builds and packaging.
- COMMAND_EXECUTION (HIGH): The 'scripts/init-artifact.sh' script is vulnerable to content injection. The project name parameter is used unvalidated in a 'sed' command, allowing an attacker to inject arbitrary HTML or scripts directly into the project's 'index.html' entry point.
- REMOTE_CODE_EXECUTION (MEDIUM): The skill implements a dynamic execution pipeline where it writes code and then invokes build tools (Vite, Parcel) to compile and execute that code. This automated execution of generated content poses a risk if the generation process is influenced by untrusted data.
- EXTERNAL_DOWNLOADS (LOW): The skill installs over 50 dependencies from npm. While these are common packages, the lack of version pinning for several packages and the absence of integrity checks increase supply chain risk.
- COMMAND_EXECUTION (LOW): The initialization script attempts to install 'pnpm' globally using 'npm install -g', which modifies the global system environment and may require elevated privileges.
Recommendations
- AI detected serious security threats
Audit Metadata