shadcn-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md explicitly instructs the agent to spawn a research:quick-searcher to fetch external docs (e.g., https://ui.shadcn.com/docs/components/{name}, Radix and TanStack pages) and the registry guide shows installing component JSON from arbitrary/deployed URLs, so the agent will fetch and interpret public third‑party content as part of its workflow which can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs spawning a quick-searcher agent to "Fetch https://ui.shadcn.com/docs/components/{component-name}" at runtime and extract/return the content, meaning external docs are fetched and injected into the agent's context (controlling prompts) and the skill relies on that behavior.