artifacts-builder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The script scripts/init-artifact.sh is vulnerable to shell command injection via the project name argument. The variable $PROJECT_NAME, assigned from the first positional argument $1, is interpolated into a sed command without sanitization on line 62: $SED_INPLACE 's/<title>.*<\/title>/<title>'"$PROJECT_NAME"'<\/title>/' index.html. An attacker can escape the shell string by including single quotes and execute arbitrary commands (e.g., proj'; touch /tmp/pwned; ').
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill performs multiple external downloads and installations. It installs pnpm globally using npm install -g pnpm, uses pnpm create vite to generate projects, and installs over 50 frontend dependencies and bundling tools (parcel, html-inline) from public registries. This introduces significant supply chain risk.
  • [COMMAND_EXECUTION] (MEDIUM): The skill uses node -e to dynamically modify tsconfig.json and tsconfig.app.json. While the logic is currently hardcoded, this pattern of dynamic execution for configuration management increases the complexity and potential attack surface for environment-based exploits.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:07 PM