chat-ui
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to install components from an external registry at https://ui.inference.sh/r/chat.json using the shadcn CLI tool.
- [COMMAND_EXECUTION]: Users are prompted to execute npx commands (npx shadcn, npx skills) to add external UI components and related skills to their project.
- [PROMPT_INJECTION]: The chat UI components create an indirect prompt injection surface as they are designed to process and render untrusted user and assistant messages.
- Ingestion points: Data enters the context via the content prop of the ChatMessage component and the onSubmit handler of the ChatInput component as seen in SKILL.md.
- Boundary markers: Usage examples do not include boundary markers or instructions to ignore embedded commands.
- Capability inventory: No executable code or scripts are included in the skill, resulting in zero local capabilities for potential exploitation.
- Sanitization: The provided code snippets do not demonstrate sanitization or validation of the message content before display.
- [NO_CODE]: This skill is entirely comprised of markdown documentation and usage examples, containing no executable assets or script files.
Audit Metadata