web-artifacts-builder
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The script `scripts/init-artifact.sh` attempts to install a global package using `npm install -g pnpm`. Global installations typically require administrative (root) privileges, posing a risk of privilege escalation.
- COMMAND_EXECUTION (MEDIUM): The script `scripts/init-artifact.sh` utilizes `node -e` to execute dynamically constructed JavaScript code for modifying project configuration files (`tsconfig.json` and `tsconfig.app.json`).
- EXTERNAL_DOWNLOADS (LOW): The scripts `scripts/init-artifact.sh` and `scripts/bundle-artifact.sh` automatically install a large number of Node.js dependencies from the npm registry at runtime, including parcel, vite, and numerous UI components.
- PROMPT_INJECTION (LOW): The skill initialization script accepts a project name as a command-line argument which is used directly in shell commands and file writing without sanitization, creating a surface for indirect prompt injection. (Evidence: Ingestion point in `init-artifact.sh` via `$1`; Boundary markers: Absent; Capability: Shell execution and file creation; Sanitization: Absent).
Recommendations
- AI detected serious security threats