shadcn-ui-best-practices
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides architectural guidance and review checklists for shadcn/ui. All instructions and examples follow industry best practices for security and accessibility, such as recommending aria-invalid and data-invalid for form states.
- [PROMPT_INJECTION]: The skill is designed to analyze user-provided code snippets, creating a surface for indirect prompt injection. However, since the skill has no sensitive capabilities such as network access or file system writes, and operates purely within the AI's response context, the risk is minimal.
- [COMMAND_EXECUTION]: The documentation mentions the official npx shadcn@latest init command for project initialization. This is a standard and expected operation for users of the shadcn/ui library and is used here in a purely instructional context.
Audit Metadata