Skills
skills/tazomatalax/context-engineering/web-artifacts-builder/Gen Agent Trust Hub

web-artifacts-builder

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The init-artifact.sh and bundle-artifact.sh scripts install a large volume of NPM dependencies (over 50 packages) from the public registry. Many of these packages are not pinned to specific versions, which introduces supply chain risk and potential for breaking changes or malicious updates in the dependency tree.
  • [COMMAND_EXECUTION] (MEDIUM): The skill relies on shell scripts to automate project configuration. It executes pnpm and npm commands, including global installation (npm install -g pnpm). It also uses node -e to execute inline JavaScript for modifying configuration files (tsconfig.json), which is a form of dynamic code execution.
  • [DATA_EXFILTRATION] (SAFE): No evidence of sensitive file access or network exfiltration was detected. The network operations are limited to standard package manager downloads (NPM/pnpm).
  • [PROMPT_INJECTION] (SAFE): No prompt injection markers or attempts to bypass agent safety guidelines were found in the documentation or metadata.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 05:47 AM