shadcn-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to fetch and install components and registry items from open registries and arbitrary URLs (e.g., npx shadcn@latest add and registries like https://ui.shadcn.com/r/{name}.json and explicit registryDependencies such as https://example.com/r/editor.json shown in official-ui-reference.md and SKILL.md), so untrusted remote content would be ingested and could influence installation and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs running the shadcn CLI (e.g., npx shadcn@latest add/init) which at runtime fetches component/registry JSON from the shadcn site (e.g., https://ui.shadcn.com and https://ui.shadcn.com/r/{name}.json), causing remote content to be downloaded and installed/executed and thus directly control the installed code—so these URLs are runtime external dependencies that can control code.