widgets-ui
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references a remote JSON registry on ui.inference.sh for component installation via the shadcn CLI. These resources are hosted on the vendor's official domain and represent standard installation procedures.
- [PROMPT_INJECTION]: The skill provides a mechanism for rendering UI based on agent-generated data, which creates a surface for indirect prompt injection. Malicious input processed by the agent could influence the rendered UI components or actions.
  - Ingestion points: JSON objects passed to the WidgetRenderer in SKILL.md.
  - Boundary markers: None identified in the provided documentation.
  - Capability inventory: Supports interactive elements like buttons with click actions and form inputs.
  - Sanitization: Relies on external schema validation and application-level handling of widget actions.
Audit Metadata