Security Audit
artifacts-builder
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
artifacts-builder received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include attempted LLM instruction manipulation, unsanitized user input in a `sed` command leading to command injection, and unpinned third-party dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Attempted LLM instruction manipulation.** The skill's documentation contains direct instructions intended for the host LLM, attempting to influence its output style. The phrase 'VERY IMPORTANT: To avoid what is often referred to as "AI slop", avoid using excessive centered layouts, purple gradients, uniform rounded corners, and Inter font.' is a prompt injection attempt, trying to manipulate the LLM's creative output or adherence to stylistic guidelines. Remove direct instructions to the LLM from untrusted skill content. Skill documentation should describe the skill's functionality, not attempt to control the LLM's behavior or stylistic choices. | LLM | SKILL.md:15 |
| CRITICAL | **Unsanitized user input in `sed` command leads to command injection.** The `scripts/init-artifact.sh` script uses the user-provided `PROJECT_NAME` directly within a `sed -i` command's replacement string without proper escaping. An attacker can craft a `PROJECT_NAME` containing shell metacharacters (e.g., `'; rm -rf /; echo '`) to break out of the `sed` command and execute arbitrary commands on the system. Sanitize or properly escape user-provided input (`PROJECT_NAME`) before using it in shell commands, especially within `sed` replacement strings. Consider using a safer templating mechanism or a dedicated tool for file modifications that handles escaping automatically. For `sed`, one might need to escape `&`, `/`, and the delimiter itself, or use a different delimiter. | LLM | scripts/init-artifact.sh:49 |
| HIGH | **Unpinned third-party dependencies.** The `scripts/bundle-artifact.sh` script installs several third-party npm packages (`parcel`, `@parcel/config-default`, `parcel-resolver-tspaths`, `html-inline`) without specifying exact versions. This allows for the installation of the `latest` version, which could introduce breaking changes or malicious code if a package maintainer's account is compromised or a new version contains vulnerabilities. Pin all third-party dependencies to exact versions (e.g., `parcel@2.10.0`) to ensure deterministic builds and mitigate risks from malicious updates. Regularly audit and update these pinned versions. | LLM | scripts/bundle-artifact.sh:18 |
| MEDIUM | **Global package installation without explicit user consent.** The `scripts/init-artifact.sh` script attempts to install `pnpm` globally using `npm install -g pnpm` if it's not found. Installing global packages can modify the system-wide environment and introduce dependencies or executables that are not confined to the skill's project, potentially leading to conflicts or unintended system-level changes. This grants the skill excessive permissions to modify the host system's global state. Avoid installing global packages within a skill. If a tool like `pnpm` is required, instruct the user to install it manually as a prerequisite, or use a project-local installation method if available and appropriate. Ensure the skill operates within a well-defined and isolated environment. | LLM | scripts/init-artifact.sh:30 |