shadcn-ui
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to use pnpm dlx shadcn@latest add, which is the official method for installing shadcn/ui components. This involves executing a well-known CLI tool to generate local component files.
- [EXTERNAL_DOWNLOADS]: The documentation references standard, well-known libraries from the NPM registry as dependencies for specific components, including react-hook-form, zod, sonner, @tanstack/react-table, and lucide-react.
- [PROMPT_INJECTION]: The skill guides the agent to process user UI requirements to select and install components. While it lacks explicit boundary markers for user input in the provided recipes, the workflow is centered on a predefined catalogue of known components, which effectively mitigates the risk of indirect prompt injection.
Audit Metadata