Trust Assessment
web-artifacts-builder received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 4 findings: 0 critical, 0 high, 2 medium, and 0 low severity. Key findings include: "Command Injection via unsanitized project name in sed"; "Supply Chain Risk: Opaque binary component"; and "Supply Chain Risk: Unpinned global dependency installation".
The analysis covered 4 layers: static_code_analysis, manifest_analysis, dependency_graph, llm_behavioral_safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 1ed29a03). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **Command Injection via unsanitized project name in sed.** The `scripts/init-artifact.sh` script uses the user-provided `$PROJECT_NAME` variable directly within a `sed` substitution command without proper escaping. A malicious project name containing `sed` metacharacters (e.g., `/`, `&`, `\`) could lead to arbitrary modifications of the `index.html` file, potentially injecting malicious content or altering the application's behavior. **Remediation:** Escape the `$PROJECT_NAME` variable for `sed` metacharacters before inserting it into the `sed` command. For example, use a function to escape characters like `/`, `&`, and `\` (e.g., `escaped_project_name=$(printf %s "$PROJECT_NAME" \| sed -e 's/[&/\\]/\\&/g')`) and then use the escaped variable. | Unknown | scripts/init-artifact.sh:77 |
| MEDIUM | **Supply Chain Risk: Opaque binary component.** The skill package includes `scripts/shadcn-components.tar.gz`, which is an opaque binary tarball. This tarball is extracted into the user's project (`src/components`) by `scripts/init-artifact.sh`. The contents of this binary file are not auditable without manual extraction and analysis. If this tarball were compromised or contained malicious code, it would be directly deployed into the user's development environment, posing a significant supply chain risk by introducing unverified code. **Remediation:** Instead of bundling an opaque binary tarball, provide the shadcn/ui components as auditable source files directly within the skill package. Alternatively, document a process for the user to install these components from a trusted public registry (e.g., `npm`, `pnpm`, `yarn`) or from a well-known, verifiable source. | Unknown | scripts/shadcn-components.tar.gz:90 |
| INFO | **Supply Chain Risk: Unpinned global dependency installation.** The `scripts/init-artifact.sh` script installs `pnpm` globally using `npm install -g pnpm` without specifying a version. This means the latest version will always be installed, which can lead to non-deterministic behavior, breaking changes, or, in a worst-case scenario, a malicious version if the `npm` registry or `pnpm` package is compromised. While `pnpm` is a common tool, installing unpinned global dependencies increases risk. **Remediation:** Specify a pinned version for `pnpm` (e.g., `npm install -g pnpm@x.y.z`) to ensure consistent and secure installations. Alternatively, instruct the user to ensure `pnpm` is installed and at a specific, trusted version before running the script. | Unknown | scripts/init-artifact.sh:30 |
| INFO | **Supply Chain Risk: Unpinned project dependency installations.** Both `scripts/bundle-artifact.sh` and `scripts/init-artifact.sh` install project dependencies (e.g., `parcel`, `html-inline`, `class-variance-authority`) using `pnpm add` or `pnpm install` without specifying exact versions. This can lead to non-deterministic builds, unexpected behavior, or potential security vulnerabilities if new versions introduce breaking changes or malicious code. While `pnpm install` typically respects `pnpm-lock.yaml`, these direct `add`/`install` calls in the scripts bypass strict version locking for these specific additions. **Remediation:** Specify exact versions for all dependencies installed via `pnpm add` or `pnpm install` commands within the scripts (e.g., `pnpm add -D parcel@x.y.z`). Alternatively, ensure a `pnpm-lock.yaml` file is generated and committed for the base project template, and rely on `pnpm install` to respect those locked versions. | Unknown | scripts/bundle-artifact.sh:19 |