ckm-ui-styling

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides UI development documentation, styling guidance, and automation utilities that align with its stated purpose.
  • [COMMAND_EXECUTION]: The script scripts/shadcn_add.py uses subprocess.run to call npx shadcn@latest add. This is a standard and documented method for managing components in the shadcn/ui ecosystem. The implementation uses a list of arguments to avoid shell injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill references well-known technology services and repositories, including Tailwind CSS and shadcn/ui. Automated component installation fetches content from official package registries, which is expected behavior for this type of development utility.
  • [DATA_EXPOSURE]: No hardcoded credentials or sensitive data access patterns were identified. File system operations are restricted to reading and writing project-specific configuration files such as components.json and tailwind.config.js.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 08:01 AM
Security Audit — agent-trust-hub — ckm-ui-styling