nextjs-shadcn-builder
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill mandates the execution of several local scripts (e.g., ./scripts/analyze-codebase.py, ./scripts/detect-hardcoded-values.sh, ./scripts/generate-migration-report.py, and ./scripts/init-nextjs-shadcn.sh) that are not included in the skill package, so they could not be reviewed; this poses a risk of unverified filesystem and process operations.
- [EXTERNAL_DOWNLOADS]: Downloads and executes code via npx from well-known sources such as create-next-app and shadcn/ui. While these sources are established, automated execution of remotely fetched code is a relevant security factor for environments requiring strict control over what runs.
- [REMOTE_CODE_EXECUTION]: Initializes an MCP server using npx shadcn@latest mcp init, which sets up a persistent execution bridge between the agent and the local environment for documentation and component discovery.
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection by ingesting and analyzing untrusted external codebases.
  - Ingestion points: Reads files and directory structures from user-specified codebase paths using the analyze-codebase.py script.
  - Boundary markers: No delimiters or "ignore instructions" warnings are used to isolate external content from the migration logic.
  - Capability inventory: The skill possesses broad capabilities, including executing local scripts (Python/Bash), writing files (project creation), and performing network operations (npm/npx).
  - Sanitization: The skill does not describe any sanitization, validation, or filtering of content read from the external codebase before the agent processes it.
Recommendations
- AI detected serious security threats