shadcn

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the shadcn CLI via npx shadcn@latest, which downloads and executes the tool from the public npm registry. It also facilitates adding components from remote registry URLs, which involves downloading source code and configuration files from external servers.
  • [COMMAND_EXECUTION]: The skill includes several bash utility scripts used for project introspection and auditing: scripts/project-state.sh (environment and config discovery), scripts/audit-theme.sh (CSS variable validation), and scripts/diff-all.sh (detecting upstream component changes). These scripts invoke shell commands such as npx, grep, sed, and python3.
  • [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection because it processes local project files and remote registry data.
      • Ingestion points: Project files like components.json, package.json, and CSS files are read and processed by the included bash scripts; remote component registries are ingested during the add process.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the script outputs.
      • Capability inventory: The agent has the ability to execute shell scripts, run CLI tools, and write files to the local system.
      • Sanitization: Content from configuration files and remote registries is processed without explicit sanitization or validation against unexpected instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 07:48 PM