shadcn-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs running the shadcn CLI (e.g., "npx shadcn@latest init" / "npx shadcn@latest add ") and to "copy component code from ui.shadcn.com" and register remote registry URLs, which causes the agent's workflow to fetch and ingest public third‑party component/registry files (open web content) that could materially influence subsequent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly instructs running the shadcn CLI (e.g., "npx shadcn@latest add/ init") which fetches and executes remote packages and registry files at runtime from https://ui.shadcn.com (and related registry URLs), so external content is fetched/executed and controls the installed component code.