
agent-ui

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to download component configurations and registry files from the vendor's official domain at ui.inference.sh.
  • [COMMAND_EXECUTION]: Setup instructions involve executing npx and npm commands to install the agent component and the @inferencesh/sdk library from the vendor's namespace.
  • [PROMPT_INJECTION]: The skill defines a UI component that processes and renders AI agent responses, creating an indirect prompt injection surface.
  • Ingestion points: The Agent component handles responses and declarative JSON widgets generated by an AI model, which are then rendered in the user interface.
  • Boundary markers: No specific boundary markers or delimiters for isolating untrusted agent content are documented in the skill instructions.
  • Capability inventory: The skill enables browser-side tools such as scan_ui and fill_field, which allow the agent to interact with and read data from the user's browser environment.
  • Sanitization: The skill features a human-in-the-loop approval system for tool lifecycles, which acts as a manual review checkpoint before the agent performs actions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 12:31 PM
Security Audit — agent-trust-hub — agent-ui