tailwind-v4-shadcn

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill includes runtime commands that fetch and execute remote code (e.g., "npx shadcn@latest" / "pnpm dlx shadcn@latest", which pull and run the shadcn package from the npm registry such as https://registry.npmjs.org/shadcn), and the skill relies on that scaffolding to generate templates—so this is a runtime external dependency that executes remote code.