tools-ui (skills/1nfsh-s3/skills/tools-ui)

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION

Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The documentation instructs users to execute npx shadcn@latest add https://ui.inference.sh/r/tools.json. This pattern downloads and installs code from an external URL that is not on the Trusted External Sources list.
  • COMMAND_EXECUTION (LOW): The skill relies on npx commands for installation and component management, which is a standard but noteworthy execution pattern for UI libraries.
  • INDIRECT PROMPT INJECTION (LOW): The skill serves as a UI layer that processes and displays untrusted data.
  • Ingestion points: args prop in ToolCall and result prop in ToolResult components.
  • Boundary markers: None explicitly implemented in the provided code snippets to distinguish between data and instructions.
  • Capability inventory: The components facilitate tool execution (onApprove={() => executeTool()}) and human-in-the-loop flows.
  • Sanitization: No evidence of sanitization or escaping of the displayed tool outputs is present in the snippets.
  • Mitigation: The inclusion of ToolApproval components for human-in-the-loop verification is a strong security best practice that mitigates the risk of automated obedience to injected instructions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 19, 2026, 07:55 PM