skills/visactor/vbi/shadcn/Gen Agent Trust Hub

shadcn

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Uses npx shadcn@latest and other package runners to execute CLI commands for managing UI components. These operations are conducted within the local project directory and are restricted to the official tools specified in the frontmatter.
  • [EXTERNAL_DOWNLOADS]: Fetches documentation and component examples from ui.shadcn.com and official GitHub repositories. These are well-known and reputable sources for shadcn/ui development.
  • [COMMAND_EXECUTION]: Implements dynamic context injection via the !npx shadcn@latest info --json command to gather project-specific metadata (e.g., framework, Tailwind version) at skill load time. This ensures the AI provides contextually relevant recommendations based on the user's environment.
  • [PROMPT_INJECTION]: The skill uses instructional markers like 'IMPORTANT' and 'Critical Rules' to prioritize specific development patterns and safety guidelines for UI composition. These are standard instructional techniques and do not indicate malicious intent to bypass safety guidelines.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 05:12 PM
Security Audit — agent-trust-hub — shadcn