shadcn-component-discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Step 2 ("Search") explicitly instructs the agent to query external registries (e.g., mcp__shadcn__search_items_in_registries, npx shadcn search, and by linking/browsing registry websites listed in references/registries.md), so the agent fetches and interprets public third-party registry JSON/pages which can influence install/next-action decisions.