shadcn-impl-component-install
Warn
Audited by Snyk on Jun 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The required runtime workflow for
addfetches registry item JSON from either the default public@shadcnregistry or user-configured/remote registries/URLs, and that fetched JSON is then used to generate/write component source text into the project (i.e., outsider-authored free text from public/remote registry content can enter the agent’s LLM context via the fetched registry item contents).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The shadcn CLI fetches registry JSON at runtime (e.g., the default https://ui.shadcn.com/r/{name}.json and user-specified registry URLs such as https://registry.myorg.com/{name}.json or an explicit https://example.com/r/x.json), and that fetched JSON is parsed and written as component source (remote content directly controls the code/files the tool installs), which the skill requires for the add workflow.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata