stitch-shadcn-ui
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands like
npx shadcn@latest addandtsc --noEmitvia theBashtool to manage components and validate project code.\n- [REMOTE_CODE_EXECUTION]: It usesnpxto fetch and execute theshadcnCLI tool directly from the npm registry. This is a common and accepted practice for maintaining the latest version of developer tools.\n- [EXTERNAL_DOWNLOADS]: The skill performs network requests usingweb_fetchand MCP tools to download component source files and configuration from official shadcn/ui resources and registries.
Audit Metadata