shadcn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and consume external registry URLs (e.g., "npx shadcn@latest add https://elements.ai-sdk.dev/api/registry/all.json" and the components.json "registries" entries), meaning the agent will read untrusted third-party registry JSONs/manifest content which can materially influence which components are installed and what follow-up CLI/actions are taken.