widgets-ui
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches declarative UI registry configurations and component blocks from the official vendor domain at ui.inference.sh using the shadcn CLI.
- [COMMAND_EXECUTION]: Utilizes npx shadcn and npx skills commands to install and manage UI components from the inference-sh ecosystem.
- [PROMPT_INJECTION]: The skill implements a generative UI pattern that processes agent-generated JSON, creating a surface for indirect prompt injection (Category 8).
- Ingestion points: UI structure is ingested via the widget property of the WidgetRenderer component in SKILL.md.
- Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the component usage examples.
- Capability inventory: The widgets support interactive elements (buttons, forms, inputs) that trigger the onAction callback for further processing.
- Sanitization: The documentation does not specify input validation or sanitization for the JSON payload before rendering.
Audit Metadata