agent-ui
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches component configuration from the vendor's domain at ui.inference.sh using the shadcn CLI during the initialization process.
- [COMMAND_EXECUTION]: Utilizes npx shadcn and npx skills to automate the addition of UI components and related agent capabilities to the project.
- [PROMPT_INJECTION]: The component's functionality involves processing agent-generated data to render UI and execute tools, which presents a surface for indirect prompt injection.
  - Ingestion points: Processes agent responses and tool instructions provided through the proxyUrl endpoint defined in SKILL.md.
  - Boundary markers: No specific boundary markers or instructions to disregard embedded commands were identified in the configuration documentation.
  - Capability inventory: Includes the ability to render dynamic widgets and execute browser-based tools such as scan_ui and fill_field.
  - Sanitization: Documentation does not specify explicit sanitization or validation logic for the content received from the agent proxy.
Audit Metadata