shadcn-inertia

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Flagged categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill instructs the user to run npx shadcn@latest init. While this is the standard and intended workflow for the shadcn/ui library, it involves downloading and executing code from the npm registry. The severity is lowered because this is the primary purpose of the skill.
  • [Indirect Prompt Injection] (LOW): The skill provides patterns for processing untrusted data from the server (flash messages and form errors).
    • Ingestion points: usePage().flash is used in references/flash-toast.md to retrieve messages from the Rails backend.
    • Boundary markers: No explicit boundary markers or 'ignore' instructions are provided for the toast content.
    • Capability inventory: The skill uses @inertiajs/react's router for navigation and server-side actions (GET, POST, DELETE) in references/components.md.
    • Sanitization: Standard React component rendering is used, which provides default protection against XSS, though specific sanitization of flash strings is not explicitly detailed.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:05 PM