shadcn-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs using the shadcn CLI to fetch and install components and registry items from public registries (e.g. https://ui.shadcn.com/r/{name}.json and arbitrary registry URLs shown in components.json and registryDependencies), which means the agent's workflow involves ingesting untrusted third-party JSON/component files that could influence tooling and subsequent actions.