ai-integration-generator
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill generates boilerplate code for AI integrations using the Vercel AI SDK. All external package references, such as
ai,@ai-sdk/openai, and@ai-sdk/anthropic, target well-known and trusted technology services from the Vercel ecosystem.\n- [PROMPT_INJECTION]: The generated code patterns for chat and RAG (Retrieval-Augmented Generation) create an indirect prompt injection surface as they involve processing untrusted input.\n - Ingestion points: User-provided messages in
app/api/chat/route.tsand retrieved database context in the RAG pattern example withinSKILL.md.\n - Boundary markers: The provided templates lack strong delimiters (e.g., XML tags) to isolate the untrusted context within the system prompt.\n
- Capability inventory: The generated routes possess capabilities for database access (via Prisma) and tool execution if tools are defined.\n
- Sanitization: No specific validation or escaping of the retrieved context or user messages is implemented in the boilerplate examples.
Audit Metadata