shadcn-ui

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill correctly identifies and documents the use of npx shadcn@latest add to fetch components from remote registries. It includes a specific security warning advising users to verify the registry source (e.g., ui.shadcn.com) and review the generated code before production use.
  • [COMMAND_EXECUTION]: Multiple shell commands are provided for project setup and dependency management using standard tools like npm, npx, pnpm, and yarn. These commands are standard for the documented use case of setting up a Next.js or React development environment.
  • [SAFE]: The skill promotes security best practices by instructing users to store registry authentication tokens in .env.local files using environment variable interpolation (${COMPANY_TOKEN}) rather than hardcoding secrets in configuration files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 01:30 PM