shadcn-vue-skilld

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's CLI/docs workflow (see references/docs/06.cli.md) explicitly supports viewing/searching/adding registry items and fetching component docs (and the repo includes many references/discussions/*.md linking to GitHub discussions and external demo sites), meaning the agent is expected to fetch and act on untrusted, user-generated public registry/docs content which can materially change tool actions (install/update/apply), so it exposes the agent to indirect prompt injection risk.