ui-styling

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Remote Code Execution] (HIGH): The file scripts/shadcn_add.py contains logic to execute npx shadcn@latest add. This command downloads and executes code from the npm registry at runtime. In an AI agent context, executing remote code from unversioned or external registries without strict integrity checks is a high-risk pattern. Evidence: subprocess.run(['npx', 'shadcn@latest', 'add'] + components, ...) in scripts/shadcn_add.py.
  • [Command Execution] (MEDIUM): The skill performs command execution via the subprocess module. Specifically, scripts/shadcn_add.py takes a list of components from sys.argv and passes them directly as arguments to an external process (npx). While using a list prevents traditional shell injection, it still allows an attacker to dictate which packages are downloaded and executed by the environment.
  • [External Downloads] (LOW): The skill instructions and quick-start guides explicitly direct the agent to download and install third-party packages and components from external URLs and registries (ui.shadcn.com, npm). This is downgraded to LOW per trust-scope rules for standard registries, but remains a notable risk factor when automated.
  • [Prompt Injection] (HIGH): The skill provides an attack surface for indirect prompt injection. It has an ingestion point via user/agent prompts for UI requirements and possesses high-privilege capabilities including command execution and project file modification. There are no boundary markers or sanitization logic to prevent malicious instructions embedded in UI requirements from being executed or influencing the generated code. Evidence: Lack of input validation in shadcn_add.py and ingestion of arbitrary component strings which are interpolated into executable commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 07:07 AM