shadcn-ui

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill utilizes the Bash tool to run the provided verify-setup.sh script and standard shadcn CLI commands via npx. The shell script is designed for diagnostic purposes, performing read-only checks on local configuration files such as package.json, tsconfig.json, and components.json to ensure the project is correctly set up for the UI library. No privileged execution or persistence mechanisms were found.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill instructions and documentation recommend the use of standard, well-known ecosystem tools like npx shadcn. The installation source for the skill itself resides within the google-labs-code repository, which falls under a trusted organization scope. Peer dependencies identified in the examples are standard React ecosystem libraries.
  • [DATA_EXFILTRATION] (SAFE): Although the agent is granted Read, Write, and web_fetch capabilities, its operational logic is strictly confined to the discovery and integration of frontend components. There are no instructions or code segments that attempt to access sensitive system paths (like ~/.ssh or .env) or transmit data to external, non-whitelisted domains.
  • [PROMPT_INJECTION] (SAFE): The SKILL.md and README.md files contain clear, task-oriented instructions without any adversarial patterns such as instructions to ignore safety filters, system prompt extraction attempts, or 'jailbreak' role-play scenarios.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 07:15 AM