frontend-design

Warn

Audited by Snyk on Jun 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly configures and uses the shadcn MCP registries (e.g. https://ui.shadcn.com/r/{name}.json and https://v0.dev/chat/b/{name}) and CLI commands like npx shadcn@latest mcp / npx shadcn@latest add ..., which are invoked at runtime to fetch registry JSON and install/run remote package code that can directly control assistant behavior and install/execute code.

Issues (1)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 15, 2026, 10:27 AM
Issues
1
Security Audit — snyk — frontend-design