building-react-web-application

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's add-registry-component flow (scripts/add-registry-component.js) and the adding-registry-components.md instructions explicitly fetch and parse registry JSON via commands like "npx shadcn@latest view " (e.g., ui.shadcn.com or other registry URLs), then install dependencies and write/transform files and CSS into the project based on that untrusted public registry content—meaning remote, user-provided registry data is ingested and directly drives tool actions and file changes.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The scripts/add-registry-component.js runtime invokes external tooling (e.g. "npx shadcn@latest view") and accepts registry URLs such as https://ui.shadcn.com/r/styles/new-york/button.json which it fetches/executes at runtime and writes/installs returned code and dependencies into the project, so remote content directly controls generated code and causes execution/install of remote packages.