Skills
skills/congdon1207/agents.md/shadcn-tailwind/Gen Agent Trust Hub

shadcn-tailwind

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill utilizes npx shadcn@latest to download and execute initialization and component addition tools. This execution from the npm registry is not within the defined trusted sources.
  • REMOTE_CODE_EXECUTION (MEDIUM): The use of npx facilitates remote code execution at runtime, which poses a risk if the upstream package is compromised.
  • COMMAND_EXECUTION (MEDIUM): The skill relies on local scripts scripts/shadcn_add.py and scripts/tailwind_config_gen.py for environment setup and configuration, which can perform arbitrary file system operations.
  • PROMPT_INJECTION (LOW): As a code-generation and automation skill, there is a risk of indirect injection. Ingestion point: User prompt triggers; Boundary markers: None; Capability inventory: npx execution, python subprocess, file writes via scripts; Sanitization: None specified. This creates a surface where malicious instructions in a prompt could influence CLI arguments or generated code.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 01:34 PM