ui-styling
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill executes remote code from the npm registry at runtime using the `npx` command.
  - Evidence: In `scripts/shadcn_add.py`, the command `npx shadcn@latest add` is constructed and executed. This pattern fetches the latest version of the tool from the internet every time a component is added, which could lead to unpredictable behavior if the remote package is updated or compromised.
- COMMAND_EXECUTION (LOW): The skill utilizes `subprocess.run` to call external CLI tools.
  - Evidence: The script `scripts/shadcn_add.py` runs commands using `subprocess.run` with argument lists. While this is the recommended way to call system tools and prevents basic shell injection, it still provides the agent with a capability to execute processes on the host machine.
- PROMPT_INJECTION (LOW): The skill provides an attack surface for indirect prompt injection because it ingests untrusted user input and passes it to system commands.
  - Ingestion points: User-provided component names in `scripts/shadcn_add.py`.
  - Boundary markers: None present in the logic to delimit user-controlled strings from instructions.
  - Capability inventory: The skill has the ability to execute system commands (`npx`) and interact with the local file system (`components.json`).
  - Sanitization: The script relies on the structural separation of arguments in `subprocess.run`; however, it does not validate or sanitize the content of the component name strings before execution.
Audit Metadata