shadcn-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and install component source code from external registries (e.g., "Direct Installation (Recommended) npx shadcn@latest add [component-name]" which "downloads the component source code") and to use registry APIs/commands like get_component, get_project_registries, list_items_in_registries which indicate the agent will read untrusted/public registry or repository content as part of its workflow, so third-party content could influence actions.