react-hook-form-zod-shadcn

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The installation instructions in README.md and SKILL.md direct the user to run npx skills add using a repository from an untrusted GitHub user (Sortweste/frontend-skills). This repository is not within the defined trusted organizations, posing a risk of unverified code execution.
  • UNVERIFIABLE_DEPENDENCIES (LOW): The skill specifies installation of zod@4.3.6, react-hook-form@7.71.1, and @hookform/resolvers@5.2.2. As of the current registry state, these versions do not exist on npm (e.g., Zod is in v3.x), which will result in dependency resolution failures.
  • METADATA_POISONING (MEDIUM): The Tech Stack section in README.md references hallucinated versions of Next.js (16.0.10) and React (19.2.1) that have not been released. Furthermore, code snippets in SKILL.md contain syntax errors (e.g., floating method chains in the Zod schema), which could lead an agent to generate broken or insecure code based on unreliable templates.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 06:07 AM