shadcn
Warn
Audited by Snyk on Mar 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and act on arbitrary HTTP-hosted registries and component manifests (e.g., "npx shadcn@latest add https://.../r/my-component.json" in SKILL.md and registry-authoring.md), and those registries can contain untrusted JSON (including registry:ai items and docs) that the agent is expected to read and which can change CLI actions, so third-party content can materially influence behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The shadcn CLI explicitly supports fetching registry JSON at runtime (e.g., via
npx shadcn@latest add https://my-registry.com/r/data-grid.json), and registry items can be of typeregistry:ai(AI prompts/configurations), so remote JSON at that URL can directly supply prompts/configurations to the agent.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata