shadcn
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Uses
npx shadcn@latestand other package runners to execute CLI commands for managing UI components. These operations are conducted within the local project directory and are restricted to the official tools specified in the frontmatter. - [EXTERNAL_DOWNLOADS]: Fetches documentation and component examples from
ui.shadcn.comand official GitHub repositories. These are well-known and reputable sources for shadcn/ui development. - [COMMAND_EXECUTION]: Implements dynamic context injection via the
!npx shadcn@latest info --jsoncommand to gather project-specific metadata (e.g., framework, Tailwind version) at skill load time. This ensures the AI provides contextually relevant recommendations based on the user's environment. - [PROMPT_INJECTION]: The skill uses instructional markers like 'IMPORTANT' and 'Critical Rules' to prioritize specific development patterns and safety guidelines for UI composition. These are standard instructional techniques and do not indicate malicious intent to bypass safety guidelines.
Audit Metadata