shadcn
Warn
Audited by Snyk on Jun 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The required runtime workflow includes fetching component documentation/examples via
npx shadcn@latest docs <component>and then fetching the resulting URLs’ contents; those fetched pages/examples are outsider-authored free text that can be ingested into the agent’s LLM context (indirect prompt injection risk).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to fetch component docs/examples and registry files (e.g. https://ui.shadcn.com/docs/..., https://raw.githubusercontent.com/.../examples/..., and example endpoints like https://api.npoint.io/abc123 or https://ui.shadcn.com/r/registries.json) and to inject that fetched content into the model/context to determine how to generate or install components, so these external URLs are used during runtime and directly control prompts/instructions.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata