shadcn-core-blocks

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and run the official shadcn CLI using package managers like pnpm, npx, bunx, or yarn. These resources originate from the well-known shadcn/ui ecosystem.\n- [COMMAND_EXECUTION]: The skill uses shell commands to manage UI components via the shadcn add command. It includes safety-oriented flags such as --dry-run, --view, and --diff to allow for manual review of changes before they are applied to the disk.\n- [PROMPT_INJECTION]: The instructions utilize prescriptive language to ensure the agent adheres to the shadcn architecture. Ingestion points: user UI requests in SKILL.md. Boundary markers: uses standard agent boundaries. Capability inventory: CLI execution in references/methods.md. Sanitization: mandates manual verification via --diff.\n- [DATA_EXFILTRATION]: All external URL references target official ui.shadcn.com documentation. No unauthorized data access patterns were identified.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 03:41 PM
Security Audit — agent-trust-hub — shadcn-core-blocks