web-artifacts-builder

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell scripts (scripts/init-artifact.sh and scripts/bundle-artifact.sh) to automate project management.
  • init-artifact.sh creates a project structure and writes configuration files (package.json, tsconfig.json, etc.).
  • bundle-artifact.sh executes npx parcel build and a Node.js script to process build outputs.
  • [EXTERNAL_DOWNLOADS]: The skill configures a package.json that requires several standard frontend dependencies from the official NPM registry.
  • Dependencies include well-known libraries such as react, vite, tailwindcss, and parcel.
  • No non-standard or untrusted registries are used.
  • [DYNAMIC_EXECUTION]: The bundle-artifact.sh script utilizes a Node.js heredoc to execute an embedded script for file manipulation.
  • This script is used locally to inline assets (CSS, JS, images) into a single HTML file as part of its primary bundling function.
  • No untrusted or remote code is dynamically executed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 03:58 PM
Security Audit — agent-trust-hub — web-artifacts-builder