vercel-ai-sdk
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions designed to override agent behavior or bypass safety filters were detected. The content is purely technical documentation.
- [Data Exposure & Exfiltration] (SAFE): Analysis found no evidence of hardcoded credentials, access to sensitive local file paths (like SSH keys or environment variables), or unauthorized data transmission.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill mentions '@ai-sdk/react' and 'ai' packages. These belong to the Vercel organization, which is a trusted entity. No patterns for downloading and executing untrusted remote scripts were found.
- [Obfuscation] (SAFE): No Base64 encoding, zero-width characters, homoglyphs, or other techniques to hide malicious intent were identified.
- [Command Execution] (SAFE): No usage of system commands, shell spawning, or arbitrary code execution was found within the provided documentation.
Audit Metadata