Security Audit
snyk/agent-scan:tests/skills/web-artifacts-builder
github.com/snyk/agent-scan
Trust Assessment
snyk/agent-scan:tests/skills/web-artifacts-builder received a trust score of 33/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Unsanitized User Input in Shell Command, Unpinned Dependencies in `bundle-artifact.sh`, Unpinned Dependencies in `init-artifact.sh`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on March 1, 2026 (commit 30a672c5). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Unsanitized User Input in Shell Command: The `scripts/init-artifact.sh` script directly uses the user-provided project name (`$1`) in a `pnpm create vite` command without any sanitization or quoting. This allows for command injection, where a malicious project name containing shell metacharacters (e.g., `;`, `&`, `\|`, `$(...)`) could execute arbitrary commands on the host system. Sanitize or properly quote user-provided input before using it in shell commands. For project names, consider validating the input to ensure it only contains safe characters (e.g., alphanumeric, hyphens) or using `printf %q` to safely quote the variable for shell execution. | Static | scripts/init-artifact.sh:40 |
| HIGH | Unpinned Dependencies in `bundle-artifact.sh`: The `scripts/bundle-artifact.sh` script installs several `pnpm` dependencies (`parcel`, `@parcel/config-default`, `parcel-resolver-tspaths`, `html-inline`) without specifying exact versions. This means `pnpm` will fetch the 'latest' available version. This practice introduces supply chain risk, as a new version could contain breaking changes, vulnerabilities, or even malicious code if a package maintainer's account is compromised. The `parcel-resolver-tspaths` package is also less common, increasing the risk profile. Pin all dependencies to specific, known-good versions (e.g., `parcel@2.10.0`). Regularly audit and update these pinned versions to incorporate security fixes, but do so in a controlled manner. | Static | scripts/bundle-artifact.sh:20 |
| HIGH | Unpinned Dependencies in `init-artifact.sh`: The `scripts/init-artifact.sh` script installs several dependencies without specifying exact versions, leading to potential supply chain risks: (1) `npm install -g pnpm` installs `pnpm` globally without a version; (2) `pnpm create vite` uses the latest `create-vite` template; (3) `pnpm install class-variance-authority clsx tailwind-merge lucide-react next-themes` installs these packages without versions. This can lead to unexpected behavior, breaking changes, or the introduction of vulnerabilities if a new version of any of these packages is compromised or contains malicious code. Pin all dependencies to specific, known-good versions (e.g., `npm install -g pnpm@8.15.0`, `pnpm create vite@5.0.0`, `pnpm install class-variance-authority@0.7.0`). Regularly audit and update these pinned versions to incorporate security fixes, but do so in a controlled manner. | Static | scripts/init-artifact.sh:30 |
| MEDIUM | Unverified Local Dependency (Tarball): The `scripts/init-artifact.sh` script extracts a local tarball (`shadcn-components.tar.gz`) without any integrity checks (e.g., checksum verification). If this local file were to be tampered with or replaced by a malicious actor, it could introduce arbitrary code into the generated project, posing a significant supply chain risk. The origin and contents of this tarball are not transparently verifiable within the skill. Implement integrity checks for local dependencies. For tarballs, this typically involves storing a cryptographic hash (e.g., SHA256) of the expected file and verifying it before extraction. Alternatively, consider distributing components via a package manager with built-in integrity features or a trusted registry. | Static | scripts/init-artifact.sh:140 |