artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell scripts (scripts/init-artifact.sh and scripts/bundle-artifact.sh) to manage project lifecycles. It executes local commands including pnpm, npm, and tar to install dependencies and manage files.
- [EXTERNAL_DOWNLOADS]: The initialization process downloads numerous well-known packages from the official NPM registry, including the Vite build tool, React libraries, and UI component frameworks like Radix UI.
- [INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it processes and bundles code that may be generated based on untrusted input.
  - Ingestion points: The src/ directory of the project where the agent develops the artifact content.
  - Boundary markers: No explicit delimiters or instructions are used in the scripts to isolate the processed code from the execution environment.
  - Capability inventory: The build environment allows for file system operations and execution of external tools like Parcel during the bundling phase.
  - Sanitization: There is no explicit sanitization or safety validation performed on the source code before it is bundled into the final HTML artifact.