widgets-ui
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches UI component registry and configuration from the official vendor domain at ui.inference.sh.
- [COMMAND_EXECUTION]: Provides instructions for component installation using standard npx commands targeting the vendor's official registry and repositories.
- [PROMPT_INJECTION]: Analyzed surface for Indirect Prompt Injection. 1. Ingestion points: The WidgetRenderer component processes data from agent-generated JSON. 2. Boundary markers: Usage examples do not specify explicit delimiters. 3. Capability inventory: UI elements are limited to standard interactive components (buttons, inputs) without system-level execution capabilities. 4. Sanitization: Implementation details for content validation are encapsulated within the vendor's library.
Audit Metadata