shadcn-component-discovery

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly searches and fetches component listings and code/examples from public registries via MCP calls (e.g., mcp__shadcn__search_items_in_registries and mcp__shadcn__get_item_examples_from_registries) and links to community sites like reui.dev, animate-ui.com, and registry.directory, meaning the agent ingests untrusted third-party/user-generated content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 12:37 AM