widgets-ui

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads a UI registry configuration from the vendor's domain (ui.inference.sh) during the setup process via npx shadcn.
  • [COMMAND_EXECUTION]: The documentation instructs users to execute npx commands to install the component and related skill dependencies.
  • [PROMPT_INJECTION]: The skill is designed to render interactive UI components based on structured agent responses, which constitutes an indirect prompt injection surface.
      • Ingestion points: The 'widget' property passed to the WidgetRenderer component in SKILL.md.
      • Boundary markers: None identified in the provided implementation examples.
      • Capability inventory: The skill facilitates UI rendering and form submission handling; it does not demonstrate file system access or shell execution capabilities.
      • Sanitization: The examples do not show explicit validation or sanitization of the JSON data before it is rendered into the UI.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 8, 2026, 02:51 AM