web-artifacts-builder
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- Privilege Escalation (HIGH): The script `scripts/init-artifact.sh` executes `npm install -g pnpm` if the package manager is missing. Installing global packages typically requires administrative or root privileges and modifies the global system environment.
- Unverifiable Dependencies (MEDIUM): The skill installs approximately 60 Node.js packages across two scripts (`init-artifact.sh` and `bundle-artifact.sh`). While many are standard libraries (e.g., React, Tailwind), the use of unpinned versions or 'latest' tags creates a large attack surface for supply chain compromises.
- Command Execution & Opaque Data (HIGH): In `scripts/init-artifact.sh`, the command `tar -xzf "$COMPONENTS_TARBALL" -C src/` extracts a local archive (`shadcn-components.tar.gz`) into the source directory. The contents of this archive are not provided for auditing, meaning it could contain malicious scripts or obfuscated code that is subsequently executed during the `pnpm exec parcel build` step.
- Dynamic Execution (MEDIUM): The skill uses `node -e` to programmatically modify `tsconfig.json` and `tsconfig.app.json` via inline JavaScript. This involves parsing and rewriting JSON files at runtime, which can be risky if input variables (like `$PROJECT_NAME`) are manipulated.
- Indirect Prompt Injection (LOW): As a generator for HTML 'artifacts', the skill creates a surface where malicious instructions could be embedded in the processed data.
- Ingestion points: User-edited code in the `src/` directory.
- Boundary markers: None identified in the bundling script.
- Capability inventory: Subprocess calls for `pnpm`, `parcel`, and `html-inline` in `scripts/bundle-artifact.sh`.
- Sanitization: None; the script inlines all assets into a single HTML file without validation.
Recommendations
- AI detected serious security threats