Skills
skills/yuniorglez/gemini-elite-core/shadcn-ui-expert/Gen Agent Trust Hub

shadcn-ui-expert

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill mandates the use of bun x shadcn-ui@canary, which executes unpinned code from a remote registry at runtime.
  • [COMMAND_EXECUTION] (HIGH): The skill references specialized tools like scripts/init-tailwind4.sh and scripts/sync-ui-themes.ts that are not included in the package, creating an unverified execution surface.
  • [PROMPT_INJECTION] (HIGH): The skill facilitates the addition of components based on user input without providing sanitization or boundary markers, creating a surface for indirect prompt injection via CLI arguments.
  • [EXTERNAL_DOWNLOADS] (HIGH): The requirement to download and execute source code from external registries during runtime without integrity checks or version pinning represents a significant security vulnerability.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 04:23 AM