shadcn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and cli.md explicitly require running npx shadcn@latest docs <component> and fetching the resolved documentation/example URLs (including raw GitHub and community registry URLs) and using MCP/view tools to read registry item files, so the agent ingests and acts on untrusted public third‑party content that can influence next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to fetch component docs and example source at runtime (e.g., URLs like https://raw.githubusercontent.com/.../examples/button-example.tsx returned by npx shadcn@latest docs), and those fetched files would be injected/used to determine instructions and code, so external content can directly control prompts.