shadcn-management
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill is susceptible to Indirect Prompt Injection because it fetches component implementations and demo examples from external registries.
- Ingestion points: Untrusted data enters the agent context through
shadcn___view_items_in_registriesandshadcn___get_item_examples_from_registries. - Boundary markers: Absent. There are no instructions to delimit or ignore instructions embedded within the registry data.
- Capability inventory: The skill is designed to generate shell commands (
npx shadcn@latest add) and functional React code based on the ingested data. - Sanitization: Absent. The skill does not perform validation or escaping of the fetched registry content before using it to generate outputs.
- [COMMAND_EXECUTION] (LOW): The skill generates shell commands for the user to execute.
- Evidence: The tool
shadcn___get_add_command_for_itemsis used specifically to constructnpxinstallation strings. - [EXTERNAL_DOWNLOADS] (LOW): The skill relies on and executes the
shadcnCLI tool from npm. - Evidence: Recommends
npx shadcn@latest initandnpx shadcn@latest addfor project management.
Audit Metadata