ui-styling

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The included installer script (scripts/shadcn_add.py) runs "npx shadcn@latest add ..." which at runtime fetches and executes remote code from the npm registry (e.g. https://registry.npmjs.org/shadcn) so the skill relies on executing external code during runtime.