shadcn-registries

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory workflow and MCP calls (mcp__shadcn__search_items_in_registries and mcp__shadcn__get_add_command_for_items in SKILL.md) plus the registry URLs listed in references/registry-config.md (e.g., https://ui.shadcn.com/r and user-defined/custom registry URLs) show the agent will fetch and interpret open third-party registry content (including arbitrary user-defined URLs) and use that data to construct CLI commands — allowing untrusted content to influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs running the shadcn CLI to add components which relies on remote registries (e.g., https://ui.shadcn.com/r and https://ui.shadcn.com/r/basecn) that are fetched at runtime to deliver code/components (and the CLI package itself is fetched/executed via {runner}), so these URLs are runtime external dependencies that can deliver/execute remote code.