shadcn-create-project
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (MEDIUM): The skill utilizes `pnpm dlx shadcn@latest create` to initiate project scaffolding. This command downloads and executes the latest version of the shadcn package directly from the npm registry. While this is the documented usage for the tool, it constitutes remote code execution of a third-party package that is not on the explicitly trusted sources list.
- COMMAND_EXECUTION (LOW): The skill requires the agent to execute shell commands to create and verify the project structure. These commands (`pnpm dlx`, `pnpm create`) are used for their intended purpose of project initialization.
Audit Metadata