Skills
skills/ggglhhh/skills/shadcn/Gen Agent Trust Hub

shadcn

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Utilizes the shadcn CLI tool via package runners like npx or pnpm dlx to retrieve project metadata and manage component installations.
  • [EXTERNAL_DOWNLOADS]: Retrieves component source code from configured registries and documentation content from external web resources.
  • [REMOTE_CODE_EXECUTION]: Adds third-party UI component source code directly into the local project, which is then executed as part of the application environment.
  • [PROMPT_INJECTION]:
  • Ingestion points: Processes external documentation content fetched from URLs and metadata from community-contributed registries.
  • Boundary markers: Lacks explicit delimiters to isolate content retrieved from external URLs from the agent's primary instructions.
  • Capability inventory: Possesses the ability to execute shell commands and modify local project files.
  • Sanitization: Does not specify automated sanitization or validation for content retrieved from external documentation links.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 02:09 PM