shadcn-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md and the README "Integration with MCP Tools" section) explicitly instructs the agent to use shadcn MCP tools like get_component, get_block, get_component_demo and search_items_in_registries to retrieve component source, demos, and registry items from external registries, which are open/public third-party content that the agent must read and that could materially influence subsequent actions (e.g., code installation or modification).