ui-components
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the agent to use
pnpm dlx shadcn@latest. This is a standard industry command for scaffolding UI components from a reputable library. While it involves downloading and executing remote code at runtime, it is within the expected behavior for development tools. - [DATA_EXFILTRATION] (SAFE): Data fetching examples use relative API paths (e.g.,
/api/user/planned/history), which is standard for internal application logic and does not show evidence of exfiltration to external domains. - [PROMPT_INJECTION] (SAFE): The content is purely instructional and does not contain directives aimed at overriding the agent's system prompt or bypassing safety controls.
- [COMMAND_EXECUTION] (SAFE): Shell commands are restricted to package management and component installation, which are necessary for the skill's stated purpose of UI development.
Audit Metadata