Shadcn UI & Blocks

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill configures and uses the runtime registry URL https://shadcnblocks.com/r/{name} (via components.json and instructions like "npx shadcn add @shadcnblocks/..."), which will fetch remote package code during runtime and can result in executing remote install code, so it is a required external dependency that pulls executable content.