shadcn
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE (flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill is centered around the shadcn CLI (npx shadcn@latest), using it to initialize projects, search for components, and manage the UI architecture. It uses the CLI to gather project metadata and apply changes.
- [EXTERNAL_DOWNLOADS]: UI components and documentation are retrieved from external sources, including the official ui.shadcn.com registry and community-provided GitHub repositories, using the CLI's installation tools.
- [DYNAMIC_CONTEXT_INJECTION]: The skill uses dynamic context injection in SKILL.md to execute npx shadcn@latest info --json upon loading. This provides the agent with real-time project configuration and the list of installed components.
- [INDIRECT_PROMPT_INJECTION]: Because the skill processes code and documentation from external registries, it is exposed to potential indirect prompt injection. The skill mitigates this risk by explicitly instructing the agent to 'always read the added files and verify they are correct' and to manually audit third-party component imports.
Audit Metadata