nextjs-shadcn-builder

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs runtime installation/initialization that fetches and runs remote packages (e.g., npx shadcn@latest which executes code from the npm registry) and relies on MCP/docs at https://ui.shadcn.com/docs/mcp and the raw skill file at https://raw.githubusercontent.com/majiayu000/claude-skill-registry/main/skills/data/nextjs-shadcn-builder/SKILL.md, so external content is fetched during runtime and can directly control agent behavior or execute code.