shadcn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md and cli.md explicitly require running npx shadcn@latest docs <component> and then fetching the resolved URLs (e.g., docs on ui.shadcn.com and raw GitHub example URLs), and the MCP tools (shadcn:view_items_in_registries) return full registry item contents — all of which are public, user/registry-provided third‑party content that the agent is expected to read and use to drive installs/merges, so untrusted content can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to fetch component docs and example source from external URLs (e.g. https://ui.shadcn.com and raw.githubusercontent.com/...) and to use that fetched content to guide code generation and installs, so remote content can directly control the agent's instructions and the installable code.