ui-styling

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The script scripts/shadcn_add.py manages component installation securely.
      • It utilizes subprocess.run() with a list of arguments, which prevents shell injection attacks by ensuring input is not interpreted by a command shell.
      • User input for component names is treated as discrete arguments to the shadcn CLI.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill documentation identifies standard package management workflows.
      • It uses npx to fetch the latest shadcn CLI from the official npm registry.
      • External links for documentation (e.g., tailwindcss.com, ui.shadcn.com) are trusted sources.
  • [REMOTE_CODE_EXECUTION] (SAFE): Remote execution occurs through standard developer tools (npx).
      • The execution is targeted at well-known, community-standard libraries.
      • The Python helper script uses best practices for invoking these external tools.
  • [DATA_EXFILTRATION] (SAFE): No evidence of unauthorized data access or exfiltration was found.
      • Scripts do not access sensitive file paths like SSH keys or environment secrets.
  • [PROMPT_INJECTION] (SAFE): The skill metadata and documentation are free of instructions aimed at overriding agent behavior or bypassing safety filters.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:56 PM