frontend
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill utilizes `npx shadcn@latest add <name> --yes` to install UI components. This command downloads and executes a script from the npm registry. Because it uses the `@latest` tag and the `--yes` flag, it bypasses version pinning and manual verification, allowing for the execution of external code. While standard for this tech stack, it represents an unverified dependency risk.
- [COMMAND_EXECUTION] (LOW): The skill executes various system and development commands including `npm run build`, `npm run lint`, `git diff`, and `ls`. These are necessary for the skill's primary purpose but involve interaction with the underlying shell.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection as it is instructed to ingest data from untrusted or external files.
  - Ingestion points: The agent reads `features/INDEX.md` and external feature specification files provided via `[feature-spec-path]`. It also invites the user to provide 'inspiration URLs'.
  - Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands within these external files.
  - Capability inventory: The skill has the ability to write to the file system (`src/`), execute shell commands (`npm`, `npx`), and interact with git.
  - Sanitization: Absent. The agent processes the contents of these files directly into its task context without validation.
Audit Metadata