widgets-ui
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The Quick Start and Related Skills sections encourage users to run 'npx shadcn@latest add https://ui.inference.sh/r/widgets.json' and 'npx skills add inference-sh/skills@agent-ui'. Both commands fetch code from 'inference.sh', which is not a trusted source.
- [REMOTE_CODE_EXECUTION] (HIGH): Executing 'npx shadcn' with a remote URL allows for the execution of arbitrary logic defined in the remote component registry. As the source is untrusted, this poses a high risk of executing malicious code during installation.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection due to its reliance on untrusted agent output to define interactive UI elements.
  1. Ingestion points: The 'WidgetRenderer' component consumes JSON objects typically generated by the agent.
  2. Boundary markers: Absent; there are no delimiters or specific instructions to the agent to ignore instructions embedded within the UI JSON.
  3. Capability inventory: The rendered UIs can include forms, inputs, and buttons that trigger 'onAction' callbacks, potentially enabling an attacker to trick the user or agent into performing unintended actions.
  4. Sanitization: Absent; the documentation does not show any logic for sanitizing or validating the incoming widget schema before rendering.
Recommendations
- AI detected serious security threats
Audit Metadata