skills/openaec-foundation/shadcn-ui-claude-skill-package/shadcn-core-architecture/Gen Agent Trust Hub
shadcn-core-architecture
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill serves as architectural documentation for the shadcn ui ecosystem and does not contain malicious code or instructions. No patterns of prompt injection, obfuscation, or persistence were found.\n- [EXTERNAL_DOWNLOADS]: Mentions fetching component source code from the official shadcn registry at ui.shadcn.com. This is documented neutrally as it is a well-known service and the primary distribution channel for the project's components.\n- [COMMAND_EXECUTION]: Provides documentation for standard CLI operations using the shadcn package via package manager commands (pnpm dlx, npx, bunx, yarn dlx). These are standard workflows for project initialization and component management.\n- [CREDENTIALS_UNSAFE]: Includes a configuration example for registry authentication using environment variables (${ACME_REGISTRY_TOKEN}) and explicitly instructs the user to store secrets in environment files rather than the project configuration, following security best practices.
Audit Metadata