Gen Agent Trust Hub audit: skills/assistant-ui/skills/setup

Skill: setup

Verdict: Warn

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION

Full Analysis
  • REMOTE_CODE_EXECUTION (MEDIUM): The skill frequently uses npx assistant-ui@latest, which downloads and executes the latest version of the CLI tool from the npm registry at runtime. This introduces a dependency on the integrity of the npm package and the assistant-ui maintainers.
  • EXTERNAL_DOWNLOADS (MEDIUM): The add command fetches component definitions from https://r.assistant-ui.com/{name}.json. This external registry acts as an ingestion point for code that is subsequently added to the user's project.
  • COMMAND_EXECUTION (LOW): The skill provides numerous commands for project initialization (init, create) and component management (add). These are standard development operations but grant the agent significant influence over the local file system and project configuration.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill reads from external sources like https://www.assistant-ui.com/llms.txt and registry JSON files. While these are intended for documentation and configuration, they represent a surface where untrusted data could influence agent behavior during setup.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 08:43 PM