Skills
skills/inference-sh/agent-skills-registry/chat-ui/Gen Agent Trust Hub

chat-ui

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references an external JSON registry file at https://ui.inference.sh/r/chat.json to facilitate component installation.
  • [COMMAND_EXECUTION]: Provides commands using npx to add UI blocks and additional skills, such as inference-sh/skills@agent-ui, which originate from the author's own namespace.
  • [PROMPT_INJECTION]: The provided UI components serve as a display layer for chat messages, creating a surface for indirect prompt injection from data sources.
  • Ingestion points: Untrusted content is passed to the content prop of the ChatMessage component as shown in SKILL.md.
  • Boundary markers: None are defined in the code snippets provided.
  • Capability inventory: The skill contains React components for UI rendering (messages, inputs, indicators) without direct system or network execution capabilities.
  • Sanitization: The snippets do not explicitly detail sanitization logic, relying on the implementation of the React components or the parent application.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 09:20 PM