tools-ui

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill uses 'npx shadcn@latest add https://ui.inference.sh/r/tools.json' to download and install UI components from an untrusted domain outside the allowed trust scope.
  • REMOTE_CODE_EXECUTION (HIGH): The command 'npx skills add inferencesh/skills@agent-ui' triggers the installation of remote code from an unverified source.
  • PROMPT_INJECTION (HIGH): This skill is vulnerable to indirect prompt injection. (1) Ingestion points: tool names, arguments, and results are passed to components like ToolCall and ToolApproval. (2) Boundary markers: None present. (3) Capability inventory: The ToolApproval component facilitates user decisions on tool execution (e.g., send_email). (4) Sanitization: No evidence of data sanitization or escaping, allowing malicious tool data to deceive the user into approving dangerous actions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:46 AM