shadcn-ui
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for frontend development assistance. It provides comprehensive documentation, implementation examples, and configuration guidance for shadcn/ui.
- [COMMAND_EXECUTION]: The skill uses standard CLI commands such as
npx shadcn@latest initandnpx shadcn@latest add. These are the official, well-known methods for managing shadcn/ui components. - [EXTERNAL_DOWNLOADS]: The skill references standard npm packages (e.g.,
react-hook-form,zod,@tanstack/react-table) and official shadcn/ui registries. These are trusted, well-known technology sources and do not represent a security risk in this context. - [REMOTE_CODE_EXECUTION]: There is no evidence of untrusted remote code execution. All suggested commands target official repositories or standard package managers.
- [PROMPT_INJECTION]: The core instructions in
SKILL.mdare focused on technical guidance and do not contain any attempt to override safety filters or bypass agent constraints. - [DATA_EXFILTRATION]: No sensitive file access or unauthorized network operations were detected. The
web_fetchtool is enabled but used for legitimate documentation and component discovery. - [DYNAMIC_EXECUTION]: No usage of
eval(),exec(), or runtime compilation of untrusted code was found.
Audit Metadata