shadcn-ui

Warn

Audited by Snyk on Feb 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's docs (components.json "registries" entries and the CLI/MCP sections in SKILL.md and references/cli-registry.md) explicitly show fetching and browsing external registry URLs (e.g., https://v0.dev/... or https://registry.acme.com/{name}.json) and describe an MCP server/CLI flow that lets the agent search, view and install components from those third-party registries—untrusted content that the agent would read and act on, so it can influence tool use and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill declares registries in components.json that are fetched at runtime by the shadcn CLI / MCP server (e.g., https://v0.dev/chat/b/{name} and https://registry.acme.com/{name}.json), and those registry JSON endpoints are used to supply component files/prompts that the tool installs or injects into the agent flow, so they can directly control prompts or deliver remote code at runtime.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 12:26 AM