shadcn-ui
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard, trusted commands such as
npx shadcn@latest. These are directed to well-known official registries and the shadcn project ecosystem. - [COMMAND_EXECUTION] (SAFE): Includes a shell script (
scripts/verify-setup.sh) which performs read-only checks (usinggrep,find, andls) on the local project structure to ensure proper configuration. It does not perform any destructive or unauthorized operations. - [PROMPT_INJECTION] (SAFE): The
SKILL.mdandREADME.mdcontain standard instructional guidelines for a technical assistant. There are no attempts to bypass safety filters or override system instructions. - [REMOTE_CODE_EXECUTION] (SAFE): While the skill assists with
npxcommands, these are restricted to the officialshadcnCLI tools, which is the standard and documented method for using this library. - [DATA_EXFILTRATION] (SAFE): No network operations to unknown or suspicious domains were found. All tools used (like
web_fetch) are restricted to standard documentation and registry exploration.
Audit Metadata