shadcn-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's installation and registry workflows (e.g., "Installation & Setup" and the references) instruct using the shadcn CLI to fetch component files from public registries and URLs (e.g., npx shadcn@latest add, https://ui.shadcn.com/r/{name}.json and other remote registry URLs like https://example.com/r/editor.json), which clearly causes the agent to ingest untrusted, user-provided third‑party content as part of its runtime workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs use of the shadcn CLI and registries (e.g., the registry URL https://ui.shadcn.com/r/{name}.json) which are fetched at runtime by commands like npx shadcn@latest add/init and components.json registryDependencies (e.g., https://example.com/r/button.json) to download JSON/templates that install remote component files—i.e., remote content fetched at runtime that can control what code/files are injected into the project.