web-artifacts-builder

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs over 50 dependencies from the NPM registry via pnpm and npm. Several packages are installed using the 'latest' tag or through 'pnpm create', which can expose the environment to supply-chain vulnerabilities if packages are compromised.
  • [COMMAND_EXECUTION] (MEDIUM): The initialization script attempts to install pnpm globally (npm install -g pnpm). While not using sudo, global installations can alter the host environment's state. The scripts also execute various third-party binaries like Vite and Parcel.
  • [PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface because it is designed to build artifacts from agent-developed code. If the agent incorporates untrusted external data into the code it writes, malicious logic could be introduced into the resulting React application.
      • Ingestion points: The development phase (Step 2) where the agent creates the artifact content.
      • Boundary markers: Absent in scripts and skill instructions.
      • Capability inventory: Subprocess execution (bash, pnpm, parcel, vite), file system write access.
      • Sanitization: No sanitization or validation of the generated code or its inputs is performed by the scripts.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:43 PM