shadcn-setup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill uses `pnpm dlx shadcn@latest init` to download and execute code from the npm registry. As the 'shadcn' package source is not within the specifically defined trusted organizations, this is treated as an untrusted external download.
- REMOTE_CODE_EXECUTION (HIGH): Using `pnpm dlx` (similar to npx) to run the `shadcn` initialization script constitutes downloading and then executing code at runtime. This provides a direct path for remote code execution if the package or its registry entry were compromised.
- COMMAND_EXECUTION (HIGH): The skill requires the agent to execute shell commands to perform initialization and framework detection, granting the skill the ability to run arbitrary subprocesses.
- PROMPT_INJECTION (HIGH): The skill exhibits a high-tier Indirect Prompt Injection surface. It reads external project files and then performs write/execute operations based on that content.
  - Ingestion points: Reads existing `tsconfig.json`, `jsconfig.json`, `next.config.js`, `vite.config.ts`, and project CSS files.
  - Boundary markers: Absent; there are no delimiters or instructions to ignore malicious content within these project files.
  - Capability inventory: Shell execution (`pnpm dlx`) and extensive file system write/modification capabilities across the project directory.
  - Sanitization: None; the skill parses and trusts the structure of the existing configuration files to determine its next actions.
Recommendations
- AI detected serious security threats
Audit Metadata