skills/openaec-foundation/shadcn-ui-claude-skill-package/shadcn-syntax-toast-sonner/Gen Agent Trust Hub
shadcn-syntax-toast-sonner
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains technical documentation and code examples without any instructions that attempt to override agent behavior, bypass safety filters, or extract system prompts.
- [DATA_EXFILTRATION]: No evidence of sensitive data access or exfiltration was found. Network operations mentioned (e.g., fetch, WebSocket) are standard examples for local API interaction within web applications.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets, API keys, or private keys were detected. The skill follows best practices by not including sensitive information in its examples.
- [EXTERNAL_DOWNLOADS]: The documentation references standard package installations for 'sonner' and 'next-themes' using established tools like pnpm and the shadcn CLI. These are well-known dependencies in the React ecosystem.
- [COMMAND_EXECUTION]: Included commands are limited to standard developer workflows for package management and project initialization (e.g.,
pnpm add,shadcn add). - [REMOTE_CODE_EXECUTION]: No patterns of downloading and executing scripts from untrusted remote sources were identified.
- [OBFUSCATION]: The skill uses clear, human-readable text and standard code formatting. No base64, zero-width characters, or other obfuscation techniques were found.
Audit Metadata