objectstack-ui

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUM
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The WidgetSourceSchema in references/ui/widget.zod.ts allows UI widgets to be loaded from external URLs or defined using inline JavaScript code strings.
  • [REMOTE_CODE_EXECUTION]: The WidgetLifecycleSchema in references/ui/widget.zod.ts defines string-based hooks such as onMount, onUpdate, and onValidate that are designed to contain and execute arbitrary JavaScript logic.
  • [EXTERNAL_DOWNLOADS]: The ViewDataSchema in references/ui/view.zod.ts facilitates fetching data from user-defined API endpoints through its api provider, using the HttpRequestSchema defined in references/shared/http.zod.ts.
  • [COMMAND_EXECUTION]: references/ui/action.zod.ts defines an action system that can trigger server-side scripts or API calls based on machine identifiers via the type: 'script' and type: 'api' settings.
  • [PROMPT_INJECTION]: The skill's architecture for processing data-driven UI layouts creates a surface for indirect prompt injection.
      1. Ingestion points: references/ui/view.zod.ts (ViewDataSchema) and references/ui/page.zod.ts (PageComponentSchema).
      2. Boundary markers: Absent in instructions and schemas.
      3. Capability inventory: JavaScript execution via WidgetLifecycleSchema and WidgetSourceSchema in references/ui/widget.zod.ts, and network operations via HttpRequestSchema in references/shared/http.zod.ts.
      4. Sanitization: Not enforced in the protocol definitions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 14, 2026, 08:18 AM
Security Audit — agent-trust-hub — objectstack-ui