The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses npx shadcn@latest, pnpm dlx shadcn@latest, and bunx to execute the official shadcn CLI tool. This is restricted via the allowed-tools configuration in the frontmatter, limiting the agent's execution scope to these specific commands.
[EXTERNAL_DOWNLOADS]: The CLI fetches component definitions, documentation, and examples from the official ui.shadcn.com registry and trusted GitHub repositories. These are well-known services and the downloads are essential for the skill's primary function.
[DYNAMIC_CONTEXT_INJECTION]: The skill utilizes dynamic context injection in SKILL.md to execute npx shadcn@latest info --json at load time. This provides the agent with necessary project metadata (framework, aliases, installed components) without accessing sensitive user files.
[PROMPT_INJECTION]: While the skill contains instructional language marked as 'IMPORTANT' or 'CRITICAL', these are standard guidelines for maintaining code quality and consistency within the shadcn ecosystem and do not attempt to bypass safety filters or override agent behavior maliciously.

shadcn