skills/somtougeh/dotfiles/shadcn/Gen Agent Trust Hub

shadcn

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill is configured to execute shell commands via package runners (npx, pnpm, bun) to interact with the shadcn CLI. This is the primary purpose of the skill and is restricted to the 'shadcn' command.
  • [EXTERNAL_DOWNLOADS]: The skill fetches component documentation and usage examples from external URLs provided by the CLI (e.g., ui.shadcn.com, raw.githubusercontent.com). It also supports adding components directly from URLs.
  • [DYNAMIC_CONTEXT_INJECTION]: The skill uses the '!' prefix to execute 'npx shadcn@latest info --json' at load time. This is used to populate the agent's context with current project configuration and installed components, which is a legitimate use of the feature for project-aware tools.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it is instructed to fetch and process content from external documentation and example URLs.
      • Ingestion points: Documentation, API references, and example source code fetched from URLs generated by the docs command (SKILL.md).
      • Boundary markers: Absent; the fetched content is processed directly to guide component implementation.
      • Capability inventory: The agent has access to the Bash tool to execute CLI commands and file system operations (SKILL.md).
      • Sanitization: No explicit sanitization or validation of the fetched external content is described before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 2, 2026, 07:04 AM