nextjs-shadcn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The mandatory workflow requires spawning a research agent to "verify latest shadcn/ui docs via Context7/Exa" and explicitly calls for mcp__shadcn__* tools to search and view component source in the shadcn registry (public third‑party content), which the agent is required to read and use to drive implementation decisions and tool actions.