web-artifacts-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The script 'scripts/init-artifact.sh' is vulnerable to shell injection through the project name argument. The variable '$PROJECT_NAME' (from '$1') is interpolated directly into a 'sed' command without escaping: 'sed -i ... '"$PROJECT_NAME"' ...'. This allows an attacker to execute arbitrary 'sed' commands or inject content into files.
- [PROMPT_INJECTION] (HIGH): The skill lacks input validation on the project name, creating a significant surface for indirect prompt injection. A malicious prompt providing a specially crafted name could compromise the setup process.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill performs a global installation of 'pnpm' ('npm install -g pnpm') and downloads over 50 packages from the npm registry. Global installations and excessive external dependencies increase the attack surface and can affect the host environment.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The build process uses 'node -e' to dynamically execute JavaScript code for modifying project configuration files. While used for initialization, this pattern of runtime code generation and execution on configuration data is a risk factor.
Recommendations
- AI detected serious security threats