web-artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell scripts (
scripts/init-artifact.shandscripts/bundle-artifact.sh) to automate project management. init-artifact.shcreates a project structure and writes configuration files (package.json,tsconfig.json, etc.).bundle-artifact.shexecutesnpx parcel buildand a Node.js script to process build outputs.- [EXTERNAL_DOWNLOADS]: The skill configures a
package.jsonthat requires several standard frontend dependencies from the official NPM registry. - Dependencies include well-known libraries such as
react,vite,tailwindcss, andparcel. - No non-standard or untrusted registries are used.
- [DYNAMIC_EXECUTION]: The
bundle-artifact.shscript utilizes a Node.js heredoc to execute an embedded script for file manipulation. - This script is used locally to inline assets (CSS, JS, images) into a single HTML file as part of its primary bundling function.
- No untrusted or remote code is dynamically executed.
Audit Metadata