agent-ui
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches component definitions from the vendor's domain ui.inference.sh and downloads additional skills from the inference-sh/skills repository.
- [COMMAND_EXECUTION]: The setup instructions involve running npx and npm commands to install the agent component and the required SDK.
- [CREDENTIALS_UNSAFE]: The documentation refers to the use of an INFERENCE_API_KEY environment variable for authentication with the proxy service.
- [PROMPT_INJECTION]: The skill architecture is susceptible to indirect prompt injection because it processes agent-generated responses that can trigger client-side tools like form filling.
  - Ingestion points: Agent responses received through the proxyUrl endpoint defined in SKILL.md.
  - Boundary markers: No explicit delimiters or boundary markers are defined to separate agent data from instructions.
  - Capability inventory: Includes human-in-the-loop approvals and client-side tools for form scanning and field filling as described in SKILL.md.
  - Sanitization: No sanitization or content validation mechanisms for agent responses are evident in the provided configuration.
Audit Metadata