shadcn
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands via npx, pnpm, and bun runners to interact with the shadcn CLI. These operations are restricted by platform-level tool configuration to specific command prefixes, preventing arbitrary command injection.
- [DYNAMIC_CONTEXT_INJECTION]: A dynamic execution placeholder (!npx shadcn@latest info --json) is used in SKILL.md to retrieve project metadata upon skill initialization. This mechanism is applied solely to synchronize the AI agent's context with the user's project state (e.g., framework, aliases, and styles).
- [EXTERNAL_DOWNLOADS]: The skill instructions facilitate the downloading of UI components and the fetching of technical documentation from official and community registries. This functionality is core to the skill's purpose and follows established ecosystem workflows.
- [PROMPT_INJECTION]: The skill manages a surface for indirect prompt injection by processing external documentation and example code. However, the ingestion points are limited to developer-oriented content, and no malicious patterns targeting agent instructions were found.
Audit Metadata