artifacts-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The 'scripts/init-artifact.sh' script is vulnerable to indirect prompt injection via the project name argument ('$1'). This value is interpolated directly into a 'sed' command without sanitization or escaping, allowing an attacker to inject arbitrary HTML tags or malicious scripts into the generated 'index.html'. Evidence: Line 74 in 'scripts/init-artifact.sh'.
- COMMAND_EXECUTION (HIGH): The skill performs extensive shell operations including modifying global system state ('npm install -g pnpm') and running complex build pipelines with Parcel and Vite. This grants the agent significant control over the local environment.
- EXTERNAL_DOWNLOADS (LOW): The skill programmatically downloads a large number of dependencies from the npm registry. While these are standard development tools, the lack of version pinning for many packages and the volume of dependencies expand the supply chain attack surface.
Recommendations
- AI detected serious security threats
Audit Metadata