Skills
skills/fellipeutaka/leon/shadcn/Gen Agent Trust Hub

shadcn

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Employs dynamic context injection through the !npx shadcn@latest info --json command in SKILL.md to automatically synchronize with the user's project settings at load time, which is an expected and legitimate use of project-specific tooling.
  • [COMMAND_EXECUTION]: Orchestrates UI component management using the shadcn CLI (via npx, pnpm, or bun), performing actions such as searching, adding, and viewing components as intended.
  • [EXTERNAL_DOWNLOADS]: Retrieves component registries and documentation from well-known and trusted services, specifically ui.shadcn.com and official GitHub repositories via raw.githubusercontent.com.
  • [COMMAND_EXECUTION]: Supports installing components from external URLs via the add command, while providing instructions to use the --view flag to inspect source code before installation.
  • [SAFE]: Implements a high standard of security through instructions that require the agent to use --dry-run, --diff, and --view flags for all updates, ensuring that users can review changes before they are applied to the filesystem.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 04:37 AM