tools-ui

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches UI component definitions from the vendor's registry at https://ui.inference.sh/r/tools.json using npx shadcn. It also references remote skill additions from inference-sh/skills.
  • [PROMPT_INJECTION]: Indirect prompt injection surface (Category 8) detected in tool rendering logic.
    • Ingestion points: Data enters the component via the result prop of ToolResult and the args prop of ToolCall and ToolApproval components in SKILL.md.
    • Boundary markers: No specific delimiters or instructions to ignore embedded commands are documented for these UI components.
    • Capability inventory: The ToolApproval component triggers tool execution through onApprove and onDeny callbacks.
    • Sanitization: The documentation does not detail any sanitization or escaping of tool outputs before they are rendered in the UI.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 12:05 PM