shadcn-component-discovery
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill recommends installing an external MCP server from an untrusted GitHub repository (
github.com/nicholasoxford/shadcn-mcp). Installing unvetted MCP servers allows external code to operate with the AI agent's permissions, presenting a significant supply chain risk. - [REMOTE_CODE_EXECUTION] (HIGH): The skill provides instructions to run
npx shadcn@latest addfor components hosted on various third-party registries (e.g.,@reui,@animate-ui,@diceui). This allows for the download and execution of remote code from unverified sources directly into the user's project codebase. - [COMMAND_EXECUTION] (HIGH): Ready-to-run shell commands for installation are provided throughout the skill. An automated agent executing these instructions could compromise the system if a registry hosts malicious component code.
- [PROMPT_INJECTION] (HIGH): (Category 8: Indirect Prompt Injection) The skill exposes a large attack surface by ingesting and displaying data from external registries.
- Ingestion points: Data enters via
mcp__shadcn__search_items_in_registriesandmcp__shadcn__view_items_in_registriesinSKILL.md. - Boundary markers: Absent; external registry descriptions and examples are directly presented to the user and processed by the agent without isolation.
- Capability inventory: The skill has the capability to suggest and facilitate shell command execution (
npx shadcn add). - Sanitization: Absent; the skill does not include steps to validate or sanitize the integrity or content of components fetched from the internet before installation.
Recommendations
- AI detected serious security threats
Audit Metadata