agent-ui
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads component definitions from the vendor domain ui.inference.sh via the shadcn CLI.
- [COMMAND_EXECUTION]: Utilizes npx and npm for installing dependencies and adding UI components to the project.
- [PROMPT_INJECTION]: The component renders UI widgets and executes tools based on agent responses, creating a surface for indirect prompt injection.
- Ingestion points: Reads agent responses and tool definitions from the configured proxy in SKILL.md.
- Boundary markers: None explicitly defined in the usage examples.
- Capability inventory: Includes browser-side tools like scan_ui and fill_field, and declarative JSON widget rendering.
- Sanitization: None explicitly shown in the provided code snippets.
Audit Metadata