shadcn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL explicitly requires fetching and reading external component docs/examples and registry items (e.g., "Run npx shadcn@latest docs <component> to get URLs, then fetch these URLs" in SKILL.md and the cli.md/docs sections, and the MCP registry tools and community registry URLs), which are public/untrusted third‑party sources and are used to drive install/merge/fix decisions—allowing indirect prompt injection via those fetched pages.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching component docs at runtime (e.g., "Fetch these URLs to get the actual content") and gives concrete examples such as https://raw.githubusercontent.com/.../examples/button-example.tsx which will be fetched and injected into the agent's context to drive its instructions/code generation.