frontend-design
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's "MCP Server Integration" and "Registry Configuration" sections explicitly allow the agent to browse, search, view, and install components from public and user-configured registries (e.g., https://ui.shadcn.com/r/{name}.json, https://v0.dev/chat/b/{name}, and arbitrary registries in components.json), meaning the agent will fetch and read untrusted third-party registry content as part of its workflow.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's MCP/registry configuration shows the assistant will at runtime fetch component JSON from registries like https://ui.shadcn.com/r/{name}.json and https://v0.dev/chat/b/{name}, which can inject remote component definitions/instructions into the agent's context and drive installs, so these are runtime external dependencies that can directly control prompts or execution.