widgets-ui
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs users to install components using npx shadcn@latest add https://ui.inference.sh/r/widgets.json. The domain ui.inference.sh is not in the trusted sources list, posing a risk of untrusted code execution during the component setup phase.
- [REMOTE_CODE_EXECUTION] (HIGH): The documentation suggests adding related skills via npx skills add inferencesh/skills@.... Since inferencesh is not a verified organization in the trusted list, this pattern involves executing potentially malicious remote packages.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The core functionality is rendering UIs from agent-generated JSON (Generative UI).
  - Ingestion points: The WidgetRenderer component accepts a widget object, which is expected to be generated by an AI agent.
  - Boundary markers: None identified in the schema or usage examples to prevent the agent from being coerced into generating malicious UI structures.
  - Capability inventory: Supports forms, buttons with actions, inputs, and external images, allowing for complex interactive workflows.
  - Sanitization: There is no evidence of input sanitization or output encoding to prevent the injection of deceptive UI elements (e.g., fake login forms or malicious redirects).
  - Risk: An attacker could influence the agent's context to generate a UI that phishes for user credentials or misleads the user into clicking malicious buttons.
Recommendations
- AI detected serious security threats
Audit Metadata