AGENT LAB: SKILLS

widgets-ui

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill documentation encourages users to run npx shadcn@latest add https://ui.inference.sh/r/widgets.json. This pattern downloads a registry file from an unverified external domain, which can lead to the installation of arbitrary code or components into the local project environment.
  • REMOTE_CODE_EXECUTION (HIGH): Multiple instructions involve npx skills add pointing to inference-sh/skills@.... Since this source is not part of the defined Trusted External Sources, these commands represent a risk of remote code execution if the external repository or domain is compromised.
  • COMMAND_EXECUTION (MEDIUM): The use of npx to fetch and integrate remote resources is a recurring pattern in the skill, posing a risk of executing malicious scripts bundled with the UI components.
  • Indirect Prompt Injection (LOW):
      • Ingestion points: The WidgetRenderer component accepts a widget object specifically designed to come from "structured agent responses."
      • Boundary markers: The provided code snippets show no evidence of delimiters or instructions to ignore embedded malicious prompts within the JSON data.
      • Capability inventory: The rendered widgets include interactive elements like buttons and forms that can trigger actions or capture formData.
      • Sanitization: There is no documentation regarding the sanitization or validation of the input JSON to prevent malicious attribute injection or UI-based phishing attacks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 10:43 PM