ui-styling

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The script scripts/shadcn_add.py uses npx to fetch the shadcn utility from the npm registry.
  • Evidence: The script constructs the command ["npx", "shadcn@latest", "add"] + components to manage UI components.
  • Context: This is the standard, documented way to use the shadcn/ui CLI and is consistent with the skill's primary purpose of UI styling.
  • COMMAND_EXECUTION (LOW): The skill includes a Python script that executes system commands to interact with Node.js tools.
  • Evidence: scripts/shadcn_add.py utilizes subprocess.run() to execute npx commands.
  • Mitigation: The script correctly uses a list-based argument format and avoids shell=True, which prevents common shell injection vulnerabilities. The execution is localized to the project root directory.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:45 PM