web-artifacts-builder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill creates an automated pipeline where an AI agent generates React code that is subsequently compiled and bundled into an executable HTML artifact.
      • Ingestion points: The agent is instructed to "edit the generated code" in the src/ directory, typically based on user-provided requirements (File: SKILL.md).
      • Boundary markers: There are no markers or instructions to prevent the agent from including malicious scripts in the generated code.
      • Capability inventory: The skill uses Parcel and html-inline to build and bundle the code into a single file (bundle.html) that can execute in a user's browser (File: scripts/bundle-artifact.sh).
      • Sanitization: No sanitization or validation is performed on the code before bundling.
      • Risk: If a user or an external source provides malicious instructions, the agent may unwittingly include harmful scripts (XSS, data exfiltration) in the final artifact.
  • Remote Code Execution / External Downloads (HIGH): The init-artifact.sh and bundle-artifact.sh scripts install and execute a large number of external packages from npm at runtime.
      • Global Installation: The script attempts to install pnpm globally using npm install -g pnpm, which modifies the host system environment.
      • Unpinned Dependencies: Many packages (e.g., @radix-ui/*, lucide-react) are installed without specific versions, creating a supply chain risk (File: scripts/init-artifact.sh).
      • Build-time Execution: The skill executes pnpm exec parcel and pnpm exec html-inline, running code from these downloaded packages.
  • Command Execution (LOW): The scripts use sed -i to modify local files and tar -xzf to extract a local tarball (shadcn-components.tar.gz). While common for setup, these actions occur automatically on the user's filesystem.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:30 PM