Skills
skills/renderkid/agent-setup/mindtickle-ui/Gen Agent Trust Hub

mindtickle-ui

Warn

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes dynamic context injection in SKILL.md to execute shell commands during the skill loading process (!npx shadcn@latest info --json ...). This command is used to retrieve project configuration data but involves automatic network access and code execution (via npx) before user interaction.
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions for users to fetch and install source components from a remote registry (https://ui.mindtickle.design/registry/r/{name}.json) using the npx shadcn@latest command. This pattern encourages the execution of code fetched from an external third-party domain in the user's local development environment.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 26, 2026, 07:30 AM
Security Audit — agent-trust-hub — mindtickle-ui