shadcn-core-registry
Warn
Audited by Snyk on Jun 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required runtime workflow for this skill is the shadcn CLI fetching registry item JSON from a (potentially outsider-controlled) URL template specified in
components.json#registries, then inlining the registry item’sfiles[].content(free-form source text) into the agent/CLI’s LLM-readable context for generation/processing—i.e., outsider-authored content via the registry fetch path.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The shadcn CLI explicitly fetches registry item JSON at runtime (e.g., the implicit default template https://ui.shadcn.com/r/{name}.json, and likewise custom templates like https://registry.example.com/{name}.json), and those responses include inlined "content" (source files) that the CLI writes and may trigger dependency installs — meaning remote content directly controls the code written into the project.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata