ai-sdk-6
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The documentation provides examples of dynamic prompt construction using string interpolation in references/agents.md and references/workflows.md, creating an indirect prompt injection surface.
- Ingestion points: User-provided inputs in 'options.userId' (references/agents.md) and 'query' (references/workflows.md).
- Boundary markers: Examples lack delimiters or explicit instructions to ignore embedded content.
- Capability inventory: Tool examples include file system operations ('fs.unlink') and expression evaluation ('mathjs.evaluate') in references/tools.md.
- Sanitization: Absent in the provided code snippets.
- [COMMAND_EXECUTION]: Example tool definitions in references/tools.md demonstrate capabilities that interact with the host environment, such as 'fs.unlink' for file deletion and 'mathjs.evaluate' for mathematical expression processing. While presented as illustrative examples, these represent significant execution surfaces.
- [EXTERNAL_DOWNLOADS]: The guide references installation of official packages including 'ai', '@ai-sdk/anthropic', and 'zod' from standard registries. These are recognized as resources from trusted organizations.
Audit Metadata