Skills
AGENT LAB: SKILLS
skills/inference-sh-3/skills/tools-ui/Gen Agent Trust Hub

tools-ui

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill instructs users to run npx shadcn@latest add https://ui.inference.sh/r/tools.json. This command fetches and executes remote configuration and code from a domain (ui.inference.sh) that is not included in the Trusted External Sources list.- REMOTE_CODE_EXECUTION (HIGH): Multiple instances of npx skills add inference-sh/skills@... are used to pull additional code from an untrusted source, which could lead to arbitrary code execution during the installation process.- PROMPT_INJECTION (LOW): The skill provides UI components that render tool outputs, creating an indirect prompt injection surface.
  • Ingestion points: ToolResult (result prop) and ToolCall (args prop) in SKILL.md.
  • Boundary markers: Absent.
  • Capability inventory: The Agent component includes a proxyUrl for routing requests to external APIs.
  • Sanitization: No sanitization or escaping mechanisms are documented for the tool output being rendered in the UI.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 10:41 PM