ai-sdk-ui
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a bash script
scripts/check-versions.shthat executesnpmcommands to query package metadata. - Evidence: The script runs
npm listandnpm viewto verify the local versions ofai,@ai-sdk/openai, and other dependencies against the npm registry. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and rendering data provided by external AI models.
- Ingestion points:
templates/nextjs-chat-app-router.tsx,templates/custom-message-renderer.tsx, andtemplates/use-chat-tools.tsx(all process themessagesarray containing model output). - Boundary markers: Absent; templates do not implement specific delimiters or instructions for the agent to ignore potentially malicious instructions embedded in model responses.
- Capability inventory: The skill has local storage access via
localStorageintemplates/message-persistence.tsxand can make outbound API calls via theuseChathook. - Sanitization: Employs
react-markdownin the custom renderer template, though it provides a commented-out example that utilizesdangerouslySetInnerHTML.
Audit Metadata