ag-ui-protocol
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [No Code] (SAFE): The skill consists exclusively of Markdown documentation and does not ship with any executable scripts, binaries, or automated configuration files.
- [Indirect Prompt Injection] (LOW): The AG-UI protocol defines an interaction model that processes untrusted data from users and external tools, which constitutes an attack surface for indirect prompt injection. * Ingestion points: User message content and tool results (see docs/2025-11-27/concepts/messages.md and docs/2025-11-27/concepts/tools.md). * Boundary markers: The protocol uses structured event types and roles (user, assistant, system) as boundaries. * Capability inventory: The skill metadata in SKILL.md allows the use of Bash and Edit tools. * Sanitization: The provided documentation does not include explicit sanitization or filtering logic for ingested content.
- [External Downloads] (LOW): Documentation and example setup instructions reference resources from the ag-ui-protocol GitHub organization and associated npm packages. While these sources appear legitimate for the protocol's purpose, they are not on the predefined list of trusted external sources.
Audit Metadata