shadcn-core-registry

Warn

Audited by Snyk on Jun 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The required runtime workflow for this skill is the shadcn CLI fetching registry item JSON from a (potentially outsider-controlled) URL template specified in components.json#registries, then inlining the registry item’s files[].content (free-form source text) into the agent/CLI’s LLM-readable context for generation/processing—i.e., outsider-authored content via the registry fetch path.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The shadcn CLI explicitly fetches registry item JSON at runtime (e.g., the implicit default template https://ui.shadcn.com/r/{name}.json, and likewise custom templates like https://registry.example.com/{name}.json), and those responses include inlined "content" (source files) that the CLI writes and may trigger dependency installs — meaning remote content directly controls the code written into the project.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 28, 2026, 03:40 PM
Issues
2
Security Audit — snyk — shadcn-core-registry