chat-ui

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (HIGH): The skill executes 'npx shadcn@latest add https://ui.inference.sh/r/chat.json' and 'npx skills add inferencesh/skills@agent-ui'. These involve downloading remote configuration and code from an untrusted source (inference.sh) and integrating it locally. Source: https://ui.inference.sh; Execution Method: npx; Status: Untrusted/Unknown.
  • Indirect Prompt Injection (LOW): The ChatMessage and ChatInput components provide ingestion points for untrusted external data (e.g., the 'content' prop). Boundary markers: Absent; Capability: Display only (INFO tier); Sanitization: None documented. This surface poses a minor risk if rendered content is not properly handled by downstream components.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:38 AM