21st-registry

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs using the @21st-dev/registry CLI which "fetches the registry JSON and component file" and supports searching team/public marketplaces (SKILL.md), so the agent will ingest untrusted user-authored component files from 21st.dev that can influence writing files and running installs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The README includes a runtime install step that curls SKILL.md from https://21st.dev/api/skills/21st-registry into the agent's skills directory — fetching remote skill content that the agent will load directly controls the agent's prompts/instructions and is therefore a risky external dependency.