web-artifacts-builder

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The scripts init-artifact.sh and bundle-artifact.sh perform heavy-duty shell operations. The init-artifact.sh script is vulnerable to command injection because it directly interpolates the user-provided project name into shell commands like pnpm create and sed -i without any validation or sanitization.
  • EXTERNAL_DOWNLOADS (LOW): The skill installs over 50 Node.js packages from the npm registry at runtime. While these originate from a trusted source (npm), the large number of dependencies significantly expands the attack surface for supply chain vulnerabilities.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill ingests untrusted data (user-defined project name) and uses it to modify project files.
      • Ingestion points: PROJECT_NAME="$1" in scripts/init-artifact.sh.
      • Boundary markers: Absent.
      • Capability inventory: Subprocess calls (pnpm, npm, sed, tar), file system writes, and configuration updates.
      • Sanitization: Absent; the project name is used directly in string interpolation for shell commands, posing a risk of breakout if an attacker provides a name containing shell metacharacters like ;, &, or /.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:23 PM