Trust Assessment
artifacts-builder received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 2 critical, 1 high, 3 medium, and 0 low severity. Key findings include: Prompt Injection Attempt in Skill Documentation; Command Injection via Project Name in init-artifact.sh; and Command Injection via Project Name in sed command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 4/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Prompt Injection Attempt in Skill Documentation: The skill documentation contains instructions ('VERY IMPORTANT: To avoid what is often referred to as "AI slop", avoid using excessive centered layouts...') that attempt to manipulate the host LLM's behavior. While SkillShield is designed to ignore such instructions within untrusted content, this pattern indicates a potential attempt to bypass LLM safety mechanisms if the content were to be interpreted as direct instructions. Remove or rephrase any content within the skill documentation that attempts to issue instructions or guidelines directly to the LLM. Ensure documentation focuses solely on describing the skill's functionality. | LLM | SKILL.md:19 |
| CRITICAL | Command Injection via Project Name in init-artifact.sh: The `scripts/init-artifact.sh` script uses the user-provided project name (`$1`) directly in a `cd` command without proper sanitization or quoting. An attacker can inject arbitrary shell commands by providing a malicious project name (e.g., `myproject; rm -rf /`). The shell will execute the `cd` command and then any subsequent commands injected. Sanitize the `PROJECT_NAME` variable to ensure it only contains safe characters (e.g., alphanumeric, hyphens, underscores) before using it in shell commands. Alternatively, create the directory using `mkdir` and then `cd` into the safely created directory, or use a more robust method to handle user input in shell commands. | LLM | scripts/init-artifact.sh:50 |
| HIGH | Command Injection via Project Name in sed command: The `scripts/init-artifact.sh` script interpolates the user-provided project name (`$PROJECT_NAME`) directly into a `sed` substitution command. If `$PROJECT_NAME` contains `sed` special characters (like `/`, `&`, `\`) or `sed` commands, it could lead to syntax errors, unintended file modifications, or potentially command injection if an attacker can break out of the `sed` pattern. Escape any special characters in `$PROJECT_NAME` before interpolating it into the `sed` command. A safer approach would be to read the file content, perform the replacement in a programming language (like Python or Node.js) that offers better string manipulation and escaping, and then write the content back. | LLM | scripts/init-artifact.sh:54 |
| MEDIUM | Unpinned Global Dependency Installation: The `scripts/init-artifact.sh` script installs `pnpm` globally using `npm install -g pnpm` without specifying a version. This introduces a supply chain risk, as future executions could pull any version of `pnpm`, potentially introducing vulnerabilities or breaking changes if a malicious or incompatible version is published. Pin the version of `pnpm` to be installed (e.g., `npm install -g pnpm@x.y.z`) to ensure deterministic and secure dependency management. Consider using a tool like `nvm` or `volta` to manage Node.js and package manager versions more robustly. | LLM | scripts/init-artifact.sh:30 |
| MEDIUM | Unpinned Dependencies in bundle-artifact.sh: The `scripts/bundle-artifact.sh` script installs development dependencies (`parcel`, `@parcel/config-default`, `parcel-resolver-tspaths`, `html-inline`) without specifying exact versions. This introduces a supply chain risk, as future executions could pull any version of these packages, potentially introducing vulnerabilities or breaking changes. Pin the versions of all dependencies (e.g., `pnpm add -D parcel@x.y.z`) to ensure deterministic and secure dependency management. Use a `package.json` file to manage dependencies with exact versions or version ranges. | LLM | scripts/bundle-artifact.sh:19 |
| MEDIUM | Unpinned Dependencies in init-artifact.sh: The `scripts/init-artifact.sh` script installs several production dependencies (`class-variance-authority`, `clsx`, `tailwind-merge`, `lucide-react`, `next-themes`) without specifying exact versions. This introduces a supply chain risk, as future executions could pull any version of these packages, potentially introducing vulnerabilities or breaking changes. Pin the versions of all dependencies (e.g., `pnpm install class-variance-authority@x.y.z`) to ensure deterministic and secure dependency management. Use a `package.json` file to manage dependencies with exact versions or version ranges. | LLM | scripts/init-artifact.sh:60 |
Full report: https://skillshield.io/report/731764fa90b3d58e