shadcn-ui
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill facilitates the download of component source code from external registries and arbitrary URLs. Evidence: Found instructions for adding components via URL (https://example.com/r/custom-component.json) and custom registry configurations in components.json.
- COMMAND_EXECUTION (LOW): The skill utilizes the pnpx package runner to execute CLI commands that modify the project's file system. Evidence: Multiple instances of pnpx shadcn@latest.
- PROMPT_INJECTION (LOW): The skill surface is vulnerable to indirect prompt injection via the component registries it processes. * Ingestion points: Remote JSON registries and URL-based component additions. * Boundary markers: Absent; no instructions are provided to the agent to treat downloaded content as untrusted. * Capability inventory: The skill enables writing files to the local project structure (e.g., components/ui/). * Sanitization: None identified in the provided instructions.
Audit Metadata