agent-ui
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches UI component configuration from the vendor domain
ui.inference.shusing theshadcnCLI tool.\n- [EXTERNAL_DOWNLOADS]: Installs the@inferencesh/sdkpackage to handle proxy routing and SDK features.\n- [PROMPT_INJECTION]: The skill implements a chat interface that processes untrusted user data, creating an indirect prompt injection surface.\n - Ingestion points: User inputs and potential file/image uploads processed by the
Agentcomponent inSKILL.md.\n - Boundary markers: Not explicitly defined in the provided usage examples.\n
- Capability inventory: Includes client-side tool execution (e.g.,
scan_ui,fill_field) and human-in-the-loop approval flows.\n - Sanitization: Not specified in the component documentation or configuration examples.
Audit Metadata