moai-library-shadcn
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No evidence of prompt injection attempts, role-play overrides, or instructions to bypass safety guidelines was found. The skill maintains a consistent focus on UI library expertise.
- [DATA_EXPOSURE]: No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected. External links point to official documentation for shadcn/ui, Radix UI, and Tailwind CSS.
- [OBFUSCATION]: The content is clear and uses standard Markdown and TypeScript. There is no use of Base64 encoding, zero-width characters, or other obfuscation techniques.
- [REMOTE_CODE_EXECUTION]: The skill mentions the use of standard development tools like `npx shadcn-ui`, which are standard for the described purpose. No suspicious remote script execution patterns (e.g., `curl | bash`) were identified.
- [COMMAND_EXECUTION]: While the skill mentions CLI commands like `init` and `add` for component installation, these are presented as instructions for a developer and do not involve unauthorized or dangerous system commands.
- [PRIVILEGE_ESCALATION]: No commands for acquiring higher permissions (like `sudo` or `chmod 777`) were found.
- [PERSISTENCE]: There are no attempts to establish persistence on the system via shell profiles, cron jobs, or registry keys.
- [INDIRECT_PROMPT_INJECTION]: The skill provides patterns for UI components and form validation (using Zod), which actually promotes security by encouraging input validation. It does not ingest untrusted data in an unsafe manner.
- [DYNAMIC_EXECUTION]: The code snippets provided are static templates for React components. No unsafe deserialization or dynamic code generation from untrusted sources was found.
Audit Metadata