vercel-ai-sdk-v5
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): The skill contains technical documentation and architectural patterns without any instructions designed to override agent behavior or bypass safety protocols.
- Data Exposure & Exfiltration (SAFE): While the documentation discusses database persistence (PostgreSQL/Drizzle) and server-side secrets, it does not contain hardcoded credentials, sensitive file access, or unauthorized network exfiltration.
- External Downloads & Dependencies (SAFE): The skill references official and trusted packages including 'ai', '@ai-sdk/react', and '@ai-sdk/anthropic' from Vercel. No untrusted remote scripts or execution patterns were found.
- Command Execution (SAFE): The provided code snippets are limited to standard TypeScript/React patterns for the AI SDK. There are no patterns for arbitrary shell command execution or system-level manipulation.
Audit Metadata