nextjs-shadcn
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the AI agent to install components using the official shadcn/ui CLI through commands like
bunx shadcn@latest add. This is the standard installation method for the library and targets trusted registries. - [COMMAND_EXECUTION]: Instructions include the use of CLI tools for project initialization, component management, and running Model Context Protocol (MCP) servers. These operations are essential for the development tasks described and utilize standard developer tooling.
- [EXTERNAL_DOWNLOADS]: The configuration recommends setting up an MCP server via
npx shadcn@latest mcpto facilitate component discovery and code retrieval from the official shadcn registry. - [SAFE]: All external URLs referenced in the documentation, including Unsplash for images, YouTube/Vimeo for video embeds, and schema.org for metadata, belong to well-known and trusted services.
Audit Metadata