shadcn-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's CLI workflow explicitly fetches and previews components from external namespaced registries (e.g., "npx shadcn@latest search @acme", "view", "add @acme/custom-button") and builds/serves registry JSON over HTTP (references/cli-and-registry.md), which means the agent would ingest and act on untrusted third‑party registry content when deciding to install or transform components.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill repeatedly instructs running the shadcn CLI via npx (e.g., "npx shadcn@latest add" / "npx shadcn@latest init"), which downloads and executes remote code from the npm registry (e.g., https://registry.npmjs.org/shadcn) at runtime, making it a required external dependency that executes remote code.