widgets-ui
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes structured agent responses to render interactive UI components, creating a surface for indirect prompt injection.
- Ingestion points: Data is passed to the `WidgetRenderer` via the `widget` property in React components (SKILL.md).
- Boundary markers: The provided documentation does not include boundary markers or explicit instructions to the LLM to ignore embedded commands in the UI data.
- Capability inventory: The renderer supports form submissions, button click actions, and image rendering (SKILL.md).
- Sanitization: No specific input sanitization or schema validation for the agent-generated UI definitions is detailed in the documentation.
- [EXTERNAL_DOWNLOADS]: Fetches UI component configurations from the vendor's domain (ui.inference.sh) using the shadcn CLI during the setup process.
- [COMMAND_EXECUTION]: Provides instructions to execute shell commands via npx to install the widget system and related vendor skills.
Audit Metadata