web-artifacts-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill instructions specify that the bundling process installs multiple Node.js packages at runtime, including 'parcel', '@parcel/config-default', 'parcel-resolver-tspaths', and 'html-inline'. This introduces a dependency on external package registries and potential supply chain risks.
- Command Execution (MEDIUM): The skill relies on the execution of shell scripts ('scripts/init-artifact.sh' and 'scripts/bundle-artifact.sh') to initialize the environment and bundle artifacts. These scripts are referenced but not provided for inspection, meaning their exact behavior on the host system cannot be verified.
- Dynamic Execution (MEDIUM): The skill facilitates a runtime build pipeline where Vite and Parcel compile and bundle dynamically generated React/TypeScript code. This runtime transformation of code is a medium-risk pattern as it involves executing build tools on generated content.
Audit Metadata