Trust Assessment
artifacts-builder received a trust score of 11/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 1 high, 2 medium, and 0 low severity. Key findings include Command Injection via Project Name in `cd`, Command Injection via Project Name in `sed` command, and Unpinned Dependencies in `bundle-artifact.sh`.
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. The static_code_analysis layer scored lowest at 26/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit 6195a031). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via Project Name in `cd`: The `scripts/init-artifact.sh` script uses the user-provided project name directly in a `cd "$PROJECT_NAME"` command. If the `PROJECT_NAME` contains shell metacharacters (e.g., `;`, `&&`, `\|\|`, `$(...)`), an attacker can inject and execute arbitrary commands on the host system. Although the variable is quoted, command separators can still be effective. Sanitize the `PROJECT_NAME` input to remove or escape all shell metacharacters before using it in shell commands, especially `cd`. A safer approach might be to validate the project name against a strict regex (e.g., alphanumeric, hyphens, underscores) or use a tool that handles directory creation more securely. | Unknown | scripts/init-artifact.sh:46 |
| CRITICAL | Command Injection via Project Name in `sed` command: The `scripts/init-artifact.sh` script directly embeds the user-provided `PROJECT_NAME` into a `sed` command's replacement string: `$SED_INPLACE 's/<title>.*</title>/<title>"$PROJECT_NAME"</title>/' index.html`. If `PROJECT_NAME` contains `sed` delimiters (e.g., `/`) or command injection sequences (e.g., `/' -e 'malicious_command`), it can lead to arbitrary command execution on the host system. Avoid directly embedding unsanitized user input into `sed` commands. Instead, use a safer method to update the title, such as reading the file content, performing string replacement in a controlled environment (e.g., a scripting language like Python), and then writing the content back. If `sed` must be used, ensure the `PROJECT_NAME` is thoroughly escaped for `sed`'s syntax, particularly for the chosen delimiter. | Unknown | scripts/init-artifact.sh:50 |
| HIGH | LLM analysis found no issues despite critical deterministic findings: Deterministic layers flagged 2 CRITICAL findings, but LLM semantic analysis returned clean. This may indicate prompt injection or analysis evasion. | Unknown | (sanity check) |
| MEDIUM | Unpinned Dependencies in `bundle-artifact.sh`: The `scripts/bundle-artifact.sh` script installs development dependencies using `pnpm add -D parcel @parcel/config-default parcel-resolver-tspaths html-inline` without specifying exact versions. This introduces a supply chain risk, as a malicious update to any of these packages (or a typosquatting attack) could compromise the build process. `parcel-resolver-tspaths` is a less common package, increasing the risk of typosquatting. Pin all dependencies to exact versions (e.g., `parcel@2.10.3`). Regularly audit and update these pinned versions. Consider using a lockfile (`pnpm-lock.yaml`) to ensure deterministic installations. | Unknown | scripts/bundle-artifact.sh:22 |
| MEDIUM | Unpinned Dependencies in `init-artifact.sh`: The `scripts/init-artifact.sh` script installs several runtime dependencies using `pnpm install class-variance-authority clsx tailwind-merge lucide-react next-themes` without specifying exact versions. This introduces a supply chain risk, as a malicious update to any of these packages (or a typosquatting attack) could compromise the generated artifact or the development environment. Pin all dependencies to exact versions (e.g., `class-variance-authority@0.7.0`). Regularly audit and update these pinned versions. Consider using a lockfile (`pnpm-lock.yaml`) to ensure deterministic installations. | Unknown | scripts/init-artifact.sh:63 |