frontend-design
Warn
Audited by Snyk on Jun 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly configures and uses the shadcn MCP registries (e.g. https://ui.shadcn.com/r/{name}.json and https://v0.dev/chat/b/{name}) and CLI commands like
npx shadcn@latest mcp/npx shadcn@latest add ..., which are invoked at runtime to fetch registry JSON and install/run remote package code that can directly control assistant behavior and install/execute code.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata