The Agent Skills Directory

[COMMAND_EXECUTION] (HIGH): The script scripts/init-artifact.sh performs a global package installation using npm install -g pnpm. This modifies the host environment and may require elevated privileges, which is a significant security concern for an agent-based skill.- [EXTERNAL_DOWNLOADS] (MEDIUM): Both init-artifact.sh and bundle-artifact.sh download a large number of packages from the npm registry (e.g., Vite, Parcel, Tailwind, and Radix UI components). These packages are executed as part of the build and bundling process.- [COMMAND_EXECUTION] (MEDIUM): The skill relies on shell scripts to orchestrate the build process, including directory manipulation, file creation, and executing package binaries through pnpm exec.- [COMMAND_EXECUTION] (LOW): The script init-artifact.sh extracts a local archive shadcn-components.tar.gz. While the archive is included with the skill, its contents are not verified during static analysis and are placed directly into the project source.- [COMMAND_EXECUTION] (LOW): The setup process uses node -e to execute inline JavaScript for programmatically modifying project configuration files like tsconfig.json.

web-artifacts-builder