shadcn
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill leverages the official `shadcn` CLI through package runners like `npx`, `pnpm dlx`, and `bunx`. It also utilizes dynamic context injection in `SKILL.md` via the `` !`npx shadcn@latest info --json` `` command to automatically provide the agent with project-specific configuration data at load time. These operations are project-specific and within the expected behavior for this tool.
- [EXTERNAL_DOWNLOADS]: The agent is instructed to fetch component documentation and code examples from `ui.shadcn.com` and `raw.githubusercontent.com`. These are official and well-known sources for the shadcn/ui ecosystem, making these network operations safe.
- [REMOTE_CODE_EXECUTION]: The skill uses the `shadcn add` command to download and integrate component source code from the registry into the user's project. This is the primary and documented purpose of the shadcn/ui framework and is executed through the official CLI tool.
Audit Metadata