Skills
skills/andrelandgraf/fullstackrecipes/shadcn-ui-setup/Gen Agent Trust Hub

shadcn-ui-setup

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADS
Full Analysis
  • External Downloads (MEDIUM): The skill provides a command to fetch content from https://fullstackrecipes.com/api/recipes/shadcn-ui-setup. This domain is not part of the trusted external sources list. Fetching code or instructions from unverified third-party APIs poses a risk as the content can be changed by the provider to include malicious payloads.
  • Indirect Prompt Injection (LOW): The skill defines a data ingestion surface via the external API call.
  • Ingestion points: SKILL.md instructs the agent to fetch data from a remote URL.
  • Boundary markers: None are present to prevent the agent from following instructions embedded in the fetched recipe.
  • Capability inventory: The skill is intended to "setup" UI components, which typically involves file writes and command execution by the agent following the recipe's instructions.
  • Sanitization: No sanitization or validation of the fetched content is performed before processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 05:20 PM