shadcn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and consume external component registries (e.g., "npx shadcn@latest add https://elements.ai-sdk.dev/api/registry/all.json" and the components.json "registries" URLs), which are public/third-party JSONs whose code/content the CLI reads and installs and thus could contain untrusted instructions that influence agent actions.