shadcn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires fetching and reading external component docs/examples (SKILL.md and cli.md instruct running "npx shadcn@latest docs " and "fetch these URLs", and the MCP/CLI view/add commands and community registries expose arbitrary public URLs like ui.shadcn.com and registry URLs), so the agent ingests untrusted third‑party content that can materially influence install/update actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching component docs/examples at runtime (e.g., "https://raw.githubusercontent.com/.../examples/button-example.tsx") and to use those fetched raw files to drive installs/edits in the project, so remote content can directly control the agent's instructions and the code written into the user's repo.