shadcn-svelte-inertia

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill includes a command to initialize the UI framework using 'npx shadcn-svelte@latest init'. This is a standard procedure in the ecosystem, though it involves executing code from an external repository not in the primary trusted list.
  • [PROMPT_INJECTION] (LOW): Per Category 8 (Indirect Prompt Injection), the skill implements UI components that process untrusted data from user props and URL parameters for rendering and navigation.
      1. Ingestion points: 'users' prop in Table, 'search' and 'page' parameters in navigation examples found in SKILL.md and references/components.md.
      2. Boundary markers: Uses standard Svelte reactive syntax without explicit LLM-specific delimiters.
      3. Capability inventory: Limited to UI display and client-side routing via '@inertiajs/svelte' (router.get, router.visit, router.delete).
      4. Sanitization: Svelte provides automatic HTML escaping for interpolated values.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 04:24 AM