agent-ui
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill directs the use of 'npx shadcn' to install components from 'https://ui.inference.sh/r/agent.json', which is not a trusted source according to the safety policy.
- [REMOTE_CODE_EXECUTION] (LOW): Usage of 'npx skills add' to fetch components from 'inference-sh/skills' constitutes remote code retrieval from an unverified repository.
- [PROMPT_INJECTION] (LOW): The skill exposes an Indirect Prompt Injection surface via agentic UI components. Evidence:
  1. Ingestion points: the Agent component ingests user messages and potentially UI context via the 'scan_ui' tool.
  2. Boundary markers: no instruction delimiters or boundary markers are used in the provided implementation examples.
  3. Capability inventory: high-privilege client-side tools such as 'scan_ui' and 'fill_field' are enabled.
  4. Sanitization: no input sanitization or validation logic is defined in the documentation.
Audit Metadata