agent-ui
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches component configuration and related building blocks from the official `ui.inference.sh` and `inference-sh` repositories using the `npx shadcn` and `npx skills` commands.
- [EXTERNAL_DOWNLOADS]: Installs the vendor's official SDK (`@inferencesh/sdk`) from the npm registry.
- [CREDENTIALS_UNSAFE]: Instructions correctly recommend storing sensitive API keys (`INFERENCE_API_KEY`) in a `.env.local` file, which is the standard safe practice for environment variable management.
- [PROMPT_INJECTION]: The skill implements a chat interface with 'human-in-the-loop' features and client-side tools like `scan_ui` and `fill_field`. This creates an indirect prompt injection surface where untrusted data from scanned web pages or UI elements could attempt to manipulate the agent's behavior.
  - Ingestion points: User input through the `Agent` component and automated UI data through the `scan_ui` tool (SKILL.md).
  - Boundary markers: None explicitly documented in the provided implementation examples.
  - Capability inventory: Includes client-side tool execution, form filling, and human-in-the-loop approval flows (SKILL.md).
  - Sanitization: No specific sanitization or escaping of scanned UI content is detailed in the component configuration.
Audit Metadata