Skills
skills/1nfsh-s3/skills/agent-ui/Gen Agent Trust Hub

agent-ui

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill instructs users to install components via npx shadcn@latest add https://ui.inference.sh/r/agent.json. Downloading and executing code or configurations from an external, non-trusted source is a significant security risk as the remote payload is not verified.\n- [External Downloads] (MEDIUM): Multiple commands (npx skills add inference-sh/skills@chat-ui) download external logic and skills from sources outside the trusted scope defined for this environment.\n- [Indirect Prompt Injection] (LOW): The skill processes agent-generated responses to build 'Widgets' (declarative JSON UI). This creates an attack surface where a compromised or malicious agent response could attempt to manipulate the UI or execute unintended client-side tool actions.\n
  • Ingestion points: Data retrieved from agent responses via the proxyUrl endpoint.\n
  • Boundary markers: None identified in the skill definition to separate instruction from data.\n
  • Capability inventory: Client-side tools for UI interaction (scan_ui, fill_field), and support for file/image uploads.\n
  • Sanitization: The skill documentation does not specify how it validates or sanitizes the JSON schema provided by the agent for widget generation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 19, 2026, 08:23 PM