components-build
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill instructs agents and users to run npx shadcn@latest add [URL] to install components directly from remote sources such as 21st.dev or custom Vercel deployments (found in rules/marketplaces.md and rules/registry.md). This pattern facilitates the execution of remote code from untrusted domains. The severity is downgraded from HIGH to MEDIUM because fetching components this way is standard practice for the skill's primary purpose, component distribution.
- [COMMAND_EXECUTION] (MEDIUM): Multiple files, including README.md and rules/npm.md, contain shell commands for file manipulation (cp -r), package management (npm install, npm publish), and deployment (vercel --prod). An agent following these instructions might execute these commands if granted terminal access.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it is designed to analyze and refactor user-provided code.
  - Ingestion points: Processes user-provided React source code and component specifications as described in SKILL.md.
  - Boundary markers: Absent. There are no instructions to ignore malicious directives embedded in comments or documentation within the processed code.
  - Capability inventory: The skill possesses code generation and modification capabilities across all rule files.
  - Sanitization: None. The skill does not implement validation or escaping for the external content it interpolates into its logic.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references several non-whitelisted domains for documentation and component fetching, including components.build, 21st.dev, and radix-ui.com. While these are contextually relevant, they represent untrusted external sources.
Audit Metadata