shadcn-core-blocks
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and run the official
shadcnCLI using package managers likepnpm,npx,bunx, oryarn. These resources originate from the well-knownshadcn/uiecosystem.\n- [COMMAND_EXECUTION]: The skill uses shell commands to manage UI components via theshadcn addcommand. It includes safety-oriented flags such as--dry-run,--view, and--diffto allow for manual review of changes before they are applied to the disk.\n- [PROMPT_INJECTION]: The instructions utilize prescriptive language to ensure the agent adheres to the shadcn architecture. Ingestion points: user UI requests inSKILL.md. Boundary markers: uses standard agent boundaries. Capability inventory: CLI execution inreferences/methods.md. Sanitization: mandates manual verification via--diff.\n- [DATA_EXFILTRATION]: All external URL references target officialui.shadcn.comdocumentation. No unauthorized data access patterns were identified.
Audit Metadata