aceternity-ui
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Configures the shadcn CLI to retrieve component code from the official Aceternity UI registry at 'https://ui.aceternity.com/registry/{name}.json'.
- [COMMAND_EXECUTION]: Orchestrates project initialization and component installation using standard package managers (bun, npm, pnpm) and CLI tools (create-next-app, shadcn).
- [REMOTE_CODE_EXECUTION]: Component installation via 'shadcn add' involves downloading source code from a remote registry and writing it directly to the local filesystem, which is the intended functionality of the library's distribution model.
- [PROMPT_INJECTION]: Provides a surface for indirect prompt injection via user-provided component names interpolated into shell commands. 1. Ingestion points: component names in 'component-catalog.md' and user requests; 2. Boundary markers: absent; 3. Capability inventory: shell execution via npx/bunx; 4. Sanitization: absent. This risk is inherent to CLI-based component managers and is considered acceptable for the skill's purpose.
Audit Metadata