widgets-ui
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of UI component configurations from ui.inference.sh, a provider of generative UI tools. These downloads are part of the standard setup for the widget-renderer system.
- [EXTERNAL_DOWNLOADS]: Related skill installation commands reference components hosted within the inference-sh organization's repositories.
- [PROMPT_INJECTION]: As a generative UI tool, the skill renders widgets based on JSON data likely generated by an AI agent. There is an inherent architectural surface for indirect prompt injection if the agent populates these structures with unsanitized data from untrusted external sources, which could lead to the display of misleading or malicious UI elements.
Audit Metadata