shadcn
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates downloading component source code from official and well-known registries, including shadcn/ui, Vercel's v0.dev, and the AI SDK elements registry.
- [COMMAND_EXECUTION]: Extensive use of the
npx shadcn@latestCLI is documented for project management tasks. The instructions appropriately guide the agent to use non-interactive flags (e.g.,-d,--defaults) suitable for automated environments. - [CREDENTIALS_UNSAFE]: The documentation includes an example for configuring private registries using environment variable placeholders (e.g.,
${REGISTRY_TOKEN}) in headers, which follows best practices for secret management.
Audit Metadata