shadcn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (see SKILL.md "Component Docs, Examples" and cli.md 'docs'/'add' commands) explicitly tells the agent to fetch documentation and example URLs (e.g., ui.shadcn.com and raw.githubusercontent.com) and the MCP registry tooling (mcp.md) exposes public registry URLs, so the agent will ingest untrusted, user/registry-supplied web content that can directly influence install, merge, and code-editing actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the CLI/agent to fetch arbitrary external URLs at runtime (e.g., "npx shadcn@latest add https://api.npoint.io/abc123"), and those fetched files/JSON directly drive what components/files are added or viewed—therefore remote content can directly control the agent's instructions and project changes.