shadcn
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a comprehensive guide for the shadcn/ui component system and CLI.
- [EXTERNAL_DOWNLOADS]: References downloading component source code from official and well-known registries including v0.dev and elements.ai-sdk.dev (Vercel Labs). These are established, trusted sources in the web development community.
- [COMMAND_EXECUTION]: Encourages the use of standard, reputable command-line tools such as npx shadcn, npx create-next-app, and pnpm dlx skills for project setup and component installation. It correctly recommends non-interactive flags (-d) for agent-based execution.
- [CREDENTIALS_UNSAFE]: Demonstrates secure handling of private registry authentication by using environment variable placeholders (${REGISTRY_TOKEN}) rather than hardcoding secrets.
Audit Metadata