widgets-ui

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill instructs users to run npx shadcn@latest add https://ui.inference.sh/r/widgets.json. This pattern downloads and executes code from a non-whitelisted external domain.
  • REMOTE_CODE_EXECUTION (HIGH): Usage of npx skills add with references such as inferencesh/skills@agent-ui allows for the installation and execution of arbitrary code from untrusted sources via a command-line interface.
  • COMMAND_EXECUTION (MEDIUM): The documentation provides shell commands that encourage users to run installers and code-addition scripts from unverified third-party sources directly in their environment.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill renders UI widgets from 'agent responses'. This creates an attack surface where a compromised agent could generate UI that tricks the user (e.g., phishing forms or malicious action buttons). Evidence Chain:
      1. Ingestion points: WidgetRenderer component widget prop.
      2. Boundary markers: Absent.
      3. Capability: Form submission, button clicks, and UI rendering.
      4. Sanitization: None visible in the provided snippets.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:12 PM