launch-shadcn-registry

Warn

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS

Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local shell script (scripts/validate-registry.sh) with user-supplied arguments such as <registryBaseUrl>. If the agent does not properly sanitize these inputs, a user could provide strings containing shell metacharacters to execute arbitrary commands.
  • [PROMPT_INJECTION]: The skill implements an automated workflow that processes content from an external registry.json file to generate GitHub Pull Requests and social media drafts. This creates an indirect prompt injection vulnerability.
      • Ingestion points: Data is fetched from a user-provided registry URL and individual component JSON files via curl.
      • Boundary markers: No delimiters or warnings are used to isolate the remote data from the agent's instructions.
      • Capability inventory: The skill uses high-privilege tools including the GitHub CLI (gh) for PR creation and git for repository manipulation.
      • Sanitization: No validation or escaping is performed on the data retrieved from the remote registry index.
  • [EXTERNAL_DOWNLOADS]: The skill fetches the community directory from the official shadcn-ui GitHub repository (https://raw.githubusercontent.com/shadcn-ui/ui/main/apps/v4/registry/directory.json). This fetch targets a well-known service and is a safe, documented part of the skill's functionality.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 15, 2026, 08:49 PM