shadcn
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the dynamic context injection syntax (
!npx shadcn@latest info --json) inSKILL.mdto automatically gather project configuration and metadata when the skill is loaded. This is a legitimate application of project-specific tooling for context discovery. - [PROMPT_INJECTION]: An attack surface for indirect prompt injection exists because the skill ingests component source code and documentation from external registries via the
addanddocscommands. This surface is inherent to the skill's primary function. The skill mitigates this by instructing the agent to review and verify all added files. - [EXTERNAL_DOWNLOADS]: The skill performs network requests to fetch documentation URLs and registry data from
ui.shadcn.comandraw.githubusercontent.com. These are official and well-known domains for the shadcn/ui project. - [REMOTE_CODE_EXECUTION]: The skill is configured to run the
shadcnCLI using package runners likenpx,pnpm, andbun. This allows the agent to install and update components directly from the official NPM registry, which is the standard workflow for the framework.
Audit Metadata