shadcn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and CLI docs (SKILL.md and cli.md) explicitly instruct the agent to run "npx shadcn@latest docs " and "fetch these URLs" (and the MCP tools in mcp.md let the agent view registry items and arbitrary registry URLs), meaning the agent will fetch and interpret untrusted public third‑party documentation/registry pages which can directly influence install/update/merge actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent/CLI to fetch external docs, examples, and registry JSON at runtime (e.g., https://ui.shadcn.com and raw GitHub example URLs like https://raw.githubusercontent.com/.../examples/button-example.tsx and even arbitrary URLs shown in examples such as https://api.npoint.io/abc123), and those fetched files can contain source/instructions that directly influence the agent's outputs or be installed into the project (npx shadcn add ), so this is a runtime external dependency that can control prompts/execute code.