frontend-design

Warn

Audited by Snyk on Mar 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's shadcn reference (references/shadcn.md) documents an MCP server integration and registry configuration (e.g., registries like https://ui.shadcn.com/r/{name}.json and https://v0.dev/chat/b/{name}) that instructs the assistant to browse, search, and install components from public registries—clearly causing the agent to fetch and interpret untrusted third‑party content that can change its actions (installing/adding components).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill's MCP/registry integration explicitly fetches remote registry JSON and runs the shadcn CLI at runtime (examples: https://ui.shadcn.com/r/{name}.json and https://v0.dev/chat/b/{name}, plus use of npx shadcn@latest), which will deliver component files/JSON that are injected into the assistant/tooling context or executed/installed locally—i.e., remote content fetched at runtime that can directly control prompts or execute code.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 19, 2026, 06:28 PM
Issues: 2