artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill utilizes shell scripts (
init-artifact.sh,bundle-artifact.sh) to automate project setup and bundling. These scripts perform multiple system-level tasks including directory creation, configuration file generation, and file manipulation. - EXTERNAL_DOWNLOADS (LOW): The tool chain relies on a large number of external Node.js packages downloaded from the public npm registry. This includes React, Vite, Tailwind CSS, and over 40 shadcn/ui components. While these are standard industry tools, the skill facilitates the execution of a significant volume of external code.
- COMMAND_EXECUTION (LOW): The initialization script attempts to install the
pnpmpackage manager globally if it is not detected. While this modifies the environment, it is a standard requirement for the skill's operation. - EXTERNAL_DOWNLOADS (LOW): The initialization script extracts a local tarball (
shadcn-components.tar.gz) containing pre-defined components. This binary content is part of the skill's distribution.
Audit Metadata