shadcn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The required workflow includes fetching component documentation/examples via npx shadcn@latest docs <component> and then “fetch the URLs to get the actual content”; those example/docs URLs can point to outsider-authored public web content (e.g., raw GitHub pages/files), which the agent would read as free text into the LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the agent to fetch component docs, examples, and registry items at runtime from external URLs (e.g. https://ui.shadcn.com and raw.githubusercontent.com) via the CLI and to inject/use that fetched content to drive component generation and decisions, so remote content can directly control the agent's outputs.