shadcn-management
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill creates an attack surface by ingesting and processing data from external registries that could contain malicious instructions or code payloads.
  - Ingestion points: Data enters the agent context through shadcn___search_items_in_registries, shadcn___view_items_in_registries, and shadcn___get_item_examples_from_registries (SKILL.md).
  - Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent regarding potential embedded instructions in the registry data.
  - Capability inventory: The skill provides installation commands (e.g., via shadcn___get_add_command_for_items) and example code, which could lead to command execution or project modification if the source is compromised (SKILL.md).
  - Sanitization: Absent. Registry content is directly interpolated into the agent's output and recommendations.
- External Downloads (LOW): The skill instructs the agent to use npx shadcn@latest init, which downloads and executes a third-party initialization script from the public npm registry (SKILL.md).
Audit Metadata