shadcn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read external component docs, example URLs, and registry items from third‑party sources (see SKILL.md and cli.md: "run npx shadcn@latest docs to get the URLs, then fetch them" and mcp.md's registry/view tools and community registry indexes like ui.shadcn.com/r/registries.json), so untrusted remote content is ingested and used to drive install/merge/command decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to fetch component docs/examples (e.g. https://raw.githubusercontent.com/.../examples/button-example.tsx) and to use that fetched content to drive component creation and prompts, so remote content from raw.githubusercontent.com can directly control the agent's instructions and produced code.