web-artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The initialization script 'scripts/init-artifact.sh' installs the 'pnpm' package manager globally using 'npm install -g pnpm' if it is not already present, which modifies the global system environment.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs a wide range of well-known frontend development packages from the NPM registry, including 'vite', 'tailwindcss', 'parcel', and various '@radix-ui' components.
- [COMMAND_EXECUTION]: The skill programmatically modifies project configuration files such as 'tsconfig.json' and 'tsconfig.app.json' using 'node -e' to ensure correct path aliasing and environment settings.
- [COMMAND_EXECUTION]: The initialization process involves extracting a local archive 'shadcn-components.tar.gz' to the project's source directory to pre-populate it with UI components.
- [COMMAND_EXECUTION]: The 'scripts/bundle-artifact.sh' script executes build and inlining processes using Parcel and html-inline to create a self-contained HTML file.
Audit Metadata