tailwind-shadcn

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [External Downloads] (MEDIUM): The skill contains multiple instructions to run npx shadcn@latest, which downloads and executes the latest version of the shadcn CLI from the npm registry. Since the shadcn package and its maintainers are not included in the 'Trusted External Sources' whitelist, this is classified as an unverifiable dependency download.
  • [Command Execution] (MEDIUM): The skill provides shell commands for initializing a project (npx shadcn@latest init) and adding components (npx shadcn@latest add ...). These commands perform significant modifications to the local filesystem and execute code downloaded at runtime.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 07:40 AM