shadcn-vue
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious instructions, prompt injection, or obfuscation patterns were identified. The content is strictly instructional and follows standard software development practices.
- [COMMAND_EXECUTION] (LOW): The skill documents the use of the
shadcn-vueCLI for project initialization and component installation (e.g.,npx shadcn-vue@latest init). These are expected operations for the library's primary purpose. - [EXTERNAL_DOWNLOADS] (LOW): Documents the ability to fetch component registries from remote URLs using the CLI. While this is an external download surface, the skill uses placeholder domains (
acme.com) for demonstration and emphasizes the use of authenticated tokens for secure custom registries. - [CREDENTIALS_SAFE] (SAFE): The documentation mentions token-based authentication for private registries using the
[SECURE_TOKEN]placeholder. No real API keys, secrets, or sensitive credentials are hardcoded in the skill. - [DATA_EXPOSURE] (SAFE): No access to sensitive file paths (e.g., SSH keys, env files) or unauthorized network exfiltration logic was found.
Audit Metadata