shadcn-ui
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of component code and configurations from remote registries using the
shadcnCLI. It defaults to the official registry atui.shadcn.combut supports custom registries, which is a core feature of the tool. - [COMMAND_EXECUTION]: The instructions include numerous standard development commands for project initialization and dependency management using
npm,pnpm, andnpx. These commands are expected for the primary purpose of setting up a React UI environment. - [PROMPT_INJECTION]: The skill documents the potential for indirect prompt injection if untrusted third-party registries are configured. It proactively mitigates this risk by including explicit warnings and instructions for users to verify registry authenticity and review any generated code before deployment.
Audit Metadata