AGENT LAB: SKILLS

chat-ui

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill instructs the user to run npx shadcn@latest add https://ui.inference.sh/r/chat.json. This command fetches component definitions and source code from an external, untrusted URL, which the source provider can modify at any time to include malicious content.
  • REMOTE_CODE_EXECUTION (HIGH): Installing components from a remote registry via npx shadcn integrates, and potentially executes, external code in the local environment, a risk equivalent to running untrusted scripts.
  • PROMPT_INJECTION (LOW): As a chat interface library, this skill creates a surface for indirect prompt injection (Category 8). It lacks documented sanitization or boundary markers for rendering untrusted external data. Evidence chain:
    1. Ingestion points: ChatMessage content and ChatInput onSubmit.
    2. Boundary markers: absent.
    3. Capability: React UI rendering and state management.
    4. Sanitization: absent in documentation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 10:38 PM