shadcn-management
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill recommends using
npx shadcn@latestfor initialization and adding components. This is the standard distribution method for this tool. - [COMMAND_EXECUTION] (SAFE): Installation commands are generated by MCP tools and executed in the shell, which is necessary for the skill's functionality.
- [PROMPT_INJECTION] (SAFE): No direct injection or bypass patterns were found.
- [DATA_EXPOSURE] (SAFE): No sensitive file access or data exfiltration detected.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes data from external UI registries. This is a potential attack surface but inherent to the skill's utility.
- Ingestion points:
shadcn___view_items_in_registriesandshadcn___get_item_examples_from_registriesinSKILL.mdandreferences/workflows.md. - Boundary markers: Absent for registry content.
- Capability inventory: Shell command execution for installation.
- Sanitization: Relies on MCP tool validation.
Audit Metadata