skills/tool-belt/skills/chat-ui/Gen Agent Trust Hub

chat-ui

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Documentation suggests installing components via npx shadcn add followed by a remote URL (https://ui.inference.sh/r/chat.json), which executes remote component configurations.
  • [COMMAND_EXECUTION]: The skill recommends several shell commands using the npx runner to install external components and related skills.
  • [EXTERNAL_DOWNLOADS]: Fetches visual assets and registry files from subdomains of inference.sh.
  • [PROMPT_INJECTION]: The components facilitate the display of untrusted user and assistant messages, creating a surface for indirect prompt injection.
      • Ingestion points: Data passed to the content prop of ChatMessage and input captured by ChatInput.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded instructions are used in the implementation examples.
      • Capability inventory: The React components themselves do not possess capabilities like file system access or network request execution.
      • Sanitization: No sanitization or escaping logic is included in the provided code snippets.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 08:02 AM