shadcn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read documentation and example URLs from external sites (e.g., "Run npx shadcn@latest docs <component> to get documentation and example URLs. Fetch these URLs to get the actual content." in SKILL.md) and to browse registry items/remote URLs via the MCP server and CLI (mcp.md, cli.md), which are public third‑party sources whose content the agent must interpret and that can change tooling actions—so untrusted web content can influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to fetch component docs and registry items at runtime (e.g. registry/index URLs like https://ui.shadcn.com/r/registries.json and raw file URLs such as https://raw.githubusercontent.com/.../examples/button-example.tsx), and those fetched contents are injected/used to guide the agent or to install code, so they can directly control prompts or execute remote code.