shadcn-ui
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script, scripts/verify-setup.sh, to validate the project's file structure, configuration files (like components.json and tailwind.config.js), and dependency status.
- [EXTERNAL_DOWNLOADS]: The skill instructions and documentation guide the agent to use npx and web_fetch to download UI components, project boilerplates, and documentation from the shadcn registry and GitHub repositories.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to fetch and process component source code from external registries. If an attacker gains control over a registry, they could inject malicious instructions into the component code that the agent then processes while integrating the component into the user's project.
- Ingestion points: Component source code retrieved via the get_component and get_block MCP tools from registries specified in components.json.
- Boundary markers: Absent; there are no specific instructions for the agent to ignore natural language commands embedded in the retrieved code.
- Capability inventory: The agent has Bash, Write, and web_fetch capabilities, allowing it to modify files or execute commands based on injected instructions.
- Sanitization: No explicit sanitization or filtering of the retrieved source code is performed before the agent processes it.
Audit Metadata