tools-ui
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs the user to run npx shadcn@latest add https://ui.inference.sh/r/tools.json. This command downloads configuration and code from an external domain (ui.inference.sh) that is not included in the Trusted External Sources list. This bypasses typical repository-based security reviews.
- [REMOTE_CODE_EXECUTION] (HIGH): The use of npx shadcn with a remote URL allows for the execution of code generated or hosted by an untrusted third party on the user's local system during the component installation process.
- [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface (Category 8). The components are designed to process and display tool arguments and results which may originate from untrusted external environments.
  - Ingestion points: ToolCall and ToolResult components (SKILL.md).
  - Boundary markers: Absent; no explicit delimiters or instructions to ignore embedded commands are shown in the component examples.
  - Capability inventory: The code examples demonstrate the ability to trigger tool execution via the onApprove callback in ToolApproval and to use a proxy URL (/api/inference/proxy) in the Agent component.
  - Sanitization: Absent; there is no evidence of sanitization or escaping of the result or args data before it is rendered in the UI, which could allow malicious tool output to influence the agent or the user interface.
Recommendations
- AI detected serious security threats
Audit Metadata