aceternity-ui
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The instructions configure an external registry at https://ui.aceternity.com/registry/{name}.json. This domain is outside the trusted scope (e.g., Vercel, Microsoft), which poses a risk when fetching remote component definitions.
- REMOTE_CODE_EXECUTION (MEDIUM): The shadcn CLI is used to 'add' components from the unverified Aceternity registry. This process involves downloading and integrating remote code into the local project structure, which constitutes a form of remote code execution.
- COMMAND_EXECUTION (LOW): The guide includes several shell commands for project initialization and dependency installation via bunx, npx, and pnpm. While these are standard developer tools, they execute logic from remote sources.
- DYNAMIC_EXECUTION (MEDIUM): The registry path https://ui.aceternity.com/registry/{name}.json uses a computed path pattern to resolve component metadata, which is flagged as a medium risk when involving non-whitelisted domains.
Audit Metadata