ai-sdk
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Unverifiable Dependencies (INFO): The skill references the @ai-sdk/rsc package. Vercel is a trusted organization, so this dependency is safe.
- Indirect Prompt Injection (INFO): The skill describes patterns for rendering untrusted tool outputs. Ingestion points: part.output and part.text in SKILL.md and references/ui-rendering.md. Boundary markers: part.state checks. Capability inventory: UI display only. Sanitization: Uses standard React escaping.
- Data Exposure & Exfiltration (SAFE): No access to sensitive files or unauthorized network exfiltration was found.
Audit Metadata