web-artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of shell scripts (init-artifact.sh, bundle-artifact.sh) to automate project setup and bundling, involving system commands like sed, tar, and cat for file manipulation.
- [EXTERNAL_DOWNLOADS]: The initialization process involves installing numerous third-party packages from the official NPM registry to set up a React and shadcn/ui environment.
- [COMMAND_EXECUTION]: The script init-artifact.sh performs a global installation of pnpm using npm install -g pnpm, which modifies the global node environment.
- [COMMAND_EXECUTION]: Node.js is executed with the -e flag to programmatically update JSON configuration files during the project initialization process.
- [SAFE]: No evidence of prompt injection, data exfiltration, obfuscation, or persistence mechanisms was found; the skill's behavior is consistent with its stated purpose of artifact generation.
Audit Metadata