agent-ui

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs users to install components and related skills using npx shadcn@latest add and npx skills add from https://ui.inference.sh and inferencesh/skills. These domains and organizations are not on the trusted list, making the source code unverifiable.
  • REMOTE_CODE_EXECUTION (MEDIUM): The use of npx shadcn@latest add with a remote URL (https://ui.inference.sh/r/agent.json) allows for the automated download and execution of remote configuration files into the local development environment.
  • PROMPT_INJECTION (MEDIUM): This finding refers to an Indirect Prompt Injection surface (Category 8).
      ◦ Ingestion points: The Agent component processes real-time token streams from an AI model and handles user-provided data if allowFiles or allowImages is enabled.
      ◦ Boundary markers: No explicit boundary markers or instruction-guarding delimiters are present in the component configuration examples.
      ◦ Capability inventory: The skill enables client-side tools like scan_ui and fill_field, which can interact with and manipulate the user's browser DOM/forms.
      ◦ Sanitization: No documentation is provided regarding the sanitization of model outputs before they are translated into client-side tool executions, creating a risk where malicious data processed by the agent could trigger unauthorized UI actions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 05:45 AM