shadcn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read external component documentation and example URLs (e.g., "Run npx shadcn@latest docs " and the add/view commands which accept arbitrary registry URLs, plus the MCP "view_items_in_registries" tool), meaning untrusted public registry/GitHub/raw docs are ingested and can directly influence install, merge, and update actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to fetch component docs/examples (e.g. the example URL pattern https://raw.githubusercontent.com/... referenced by npx shadcn@latest docs and "Fetch these URLs to get the actual content") and to use that fetched content to drive how the agent composes/edits code, meaning remote content can directly control agent instructions.