skills/skills-shell/skills/widgets-ui/Gen Agent Trust Hub

widgets-ui

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to download UI component registry data from "https://ui.inference.sh/r/widgets.json" using the shadcn CLI tool.
  • [COMMAND_EXECUTION]: Provides instructions to run several shell commands to install dependencies and related tools:
  • "npx skills add belt-sh/cli" to install a CLI helper.
  • "npx shadcn@latest add https://ui.inference.sh/r/widgets.json" to configure the UI registry and download components.
  • "npx skills add inference-sh/skills@agent-ui" and other variants for chat and tool UIs.
  • [PROMPT_INJECTION]: The skill is designed to process untrusted data (agent-generated JSON) to dynamically render interactive UI components, creating a surface for indirect prompt injection.
  • Ingestion points: The widget prop in the WidgetRenderer component accepts structured JSON data from external or agent sources.
  • Boundary markers: No explicit delimiters or instructions are provided in the documentation to ensure the agent ignores potentially malicious instructions within the processed JSON data.
  • Capability inventory: The rendered widgets support interactive elements including buttons, form inputs, and select fields with associated actions like onClickAction and onSubmit handlers.
  • Sanitization: No evidence of sanitization or validation of the input JSON schema before rendering is present in the provided code snippets.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 04:47 PM