fumadocs-registry-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill instructions allow an agent to ingest user-provided component metadata and write it into the project's registry.json file.
  * Ingestion points: User-provided component names, titles, and descriptions.
  * Boundary markers: Absent; no explicit delimiters or instructions to ignore embedded commands are specified.
  * Capability inventory: File-write operations to registry.json and creation of component files.
  * Sanitization: Absent; no validation or escaping logic is provided for the interpolated strings.
- EXTERNAL_DOWNLOADS (LOW): The documentation includes instructions to execute remote packages using the pnpm dlx command.
  * Pattern: pnpm dlx shadcn@latest
  * Risk: Downloads and executes the latest version of the shadcn CLI from the npm registry. While standard for this workflow, it represents execution of remote code.
- NO_CODE (SAFE): The skill itself contains only markdown instructions and JSON templates with no embedded scripts or binary files.
Audit Metadata