web-artifacts-builder

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The scripts init-artifact.sh and bundle-artifact.sh execute numerous shell commands to manage files, configure the environment, and build the project.
      • Evidence: Frequent use of pnpm install, sed, cat, and tar in both scripts.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill downloads and installs a large number of dependencies from the npm registry during both initialization and bundling.
      • Evidence: npm install -g pnpm and extensive lists of React/shadcn dependencies in init-artifact.sh and bundle-artifact.sh.
  • REMOTE_CODE_EXECUTION (MEDIUM): The script executes npm install -g pnpm. Global installations modify the host environment and execute code from an external source with high privileges.
      • Evidence: npm install -g pnpm in init-artifact.sh.
  • INDIRECT PROMPT INJECTION (LOW): The skill is vulnerable to indirect prompt injection through its ingestion of user-controlled files or project names.
      • Ingestion points: The <project-name> argument in init-artifact.sh and existing package.json or index.html files in bundle-artifact.sh.
      • Boundary markers: Absent. No delimiters or instructions are used to separate untrusted data from shell commands.
      • Capability inventory: Capability to execute pnpm install (which runs lifecycle scripts), pnpm exec parcel, and file-writing via cat and sed.
      • Sanitization: Absent. Project names and file contents are used directly in shell commands (e.g., sed and directory creation).
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:02 PM