shadcn-syntax-dialog

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill uses instructional language such as "ALWAYS" and "NEVER" to enforce technical best practices for UI development, specifically regarding accessibility (WAI-ARIA) and state management. There are no patterns suggesting attempts to override agent safety guidelines, bypass filters, or extract system prompts.
  • [EXTERNAL_DOWNLOADS]: The skill references official documentation and repositories from trusted and well-known sources, including Radix UI, shadcn ui, and the W3C Web Accessibility Initiative. These references are used for educational purposes and do not involve downloading or executing untrusted code.
  • [DATA_EXFILTRATION]: No sensitive file paths (e.g., .ssh, .env) or hardcoded credentials were detected. The skill mentions standard browser APIs and React state management for UI purposes, with no network exfiltration patterns.
  • [REMOTE_CODE_EXECUTION]: There are no commands or scripts designed to download and execute code from remote servers. The examples provided are static React/TSX code snippets for developer reference.
  • [COMMAND_EXECUTION]: The skill does not contain any shell commands, subprocess calls, or dynamic context injection patterns (!command).
  • [CREDENTIALS_UNSAFE]: No API keys, tokens, or private keys are hardcoded. The skill provides examples of standard form handling using react-hook-form and zod, which is a safe practice for data validation.
  • [OBFUSCATION]: The content is written in clear, human-readable markdown and TSX. No Base64, hex encoding, zero-width characters, or homoglyph attacks were identified.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 03:40 PM
Security Audit — agent-trust-hub — shadcn-syntax-dialog