tech-logos
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npx shadcn@latest addto download and install UI components from the@elementsregistry scope. This is a standard and expected workflow for modern web development using the shadcn/ui pattern. - [COMMAND_EXECUTION]: Executes shell commands including
npxfor component installation and a combination oflsandsedto list available logos from a local registry directory. These commands are utility-focused and tied to the skill's primary functionality. - [PROMPT_INJECTION]: The skill facilitates an indirect injection surface by interpolating user-provided company names into shell commands (e.g.,
npx shadcn@latest add @elements/{name}-logo). While this allows user input to flow into a command-line argument, the risk is contextualized within the agent's component management tasks.
Audit Metadata