widgets-ui
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of a UI component registry from https://ui.inference.sh/r/widgets.json using the shadcn CLI. This is a standard mechanism for integrating UI components into React/Next.js projects.
- [COMMAND_EXECUTION]: The documentation provides shell commands to install the belt-sh/cli tool and other related skills (e.g., inference-sh/skills@agent-ui) using npx. These are part of the ecosystem's standard installation and setup workflow.
- [INDIRECT_PROMPT_INJECTION]: As a UI renderer, the skill is designed to display interfaces based on structured agent responses. There is an inherent, though low, risk that an agent could be manipulated into rendering deceptive UI elements (such as phishing forms) if it processes untrusted data without proper validation of the resulting JSON structure.
Audit Metadata