shadcn-vue
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the user to run npx shadcn-vue commands to initialize the project and manage components. This is standard developer workflow for this library.- [EXTERNAL_DOWNLOADS]: The utility script scripts/generate-components.ts fetches documentation content from the official shadcn-vue repository on GitHub (unovue/shadcn-vue). The script processes this content and writes it to the local filesystem as markdown documentation. This is intended for keeping documentation up-to-date.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes external documentation content fetched at runtime through the synchronization script. Ingestion points: scripts/generate-components.ts downloads content from GitHub. Boundary markers: Content is stored as standard markdown files. Capability inventory: The skill includes file system writes (via script) and suggested shell commands for component installation. Sanitization: The script performs basic escaping for markdown table formatting.
Audit Metadata