skills/tul-sh/skills/tools-ui/Gen Agent Trust Hub

tools-ui

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires downloading external JSON configurations from https://ui.inference.sh/r/tools.json and fetches secondary skills from the inference-sh repository.
  • [COMMAND_EXECUTION]: Instructs the user to run npx shadcn and npx skills commands, which involves fetching and executing code from remote registries to install UI components.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by consuming and rendering untrusted tool data (arguments and results) within UI components. Mandatory Evidence Chain:
      (1) Ingestion points: args and result properties in ToolCall, ToolResult, and ToolApproval components in SKILL.md;
      (2) Boundary markers: None identified in the component examples;
      (3) Capability inventory: External command execution via npx during installation;
      (4) Sanitization: No sanitization or escaping of tool outputs is demonstrated in the provided code snippets.

Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 12:29 PM