shadcn
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes dynamic context injection in
SKILL.mdto runnpx shadcn@latest info --jsonat load time. This allows the agent to automatically synchronize with the local project configuration, framework, and installed components. - [EXTERNAL_DOWNLOADS]: The skill facilitates downloading UI components and fetching documentation from external sources. It directs the agent to use
npx shadcn@latest docs <component>to retrieve documentation and example URLs from official and community registries. The shadcn CLI is a well-known tool used for these operations. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It instructs the agent to fetch and process external data from documentation and example URLs. This data, being untrusted external content, could potentially contain malicious instructions designed to influence the agent's actions during component creation or modification.
- Ingestion points: External URLs fetched via
npx shadcn@latest docsandnpx shadcn@latest view(referenced inSKILL.md). - Boundary markers: None identified in the instructions for handling the ingested documentation content.
- Capability inventory: The skill has access to shell commands via
npx, file system modification (adding/updating components), and network operations for fetching documentation. - Sanitization: There are no instructions provided to sanitize or validate the content of the fetched documentation before processing.
Audit Metadata