netlify-ai-gateway
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The provided code examples for Netlify Functions include a pattern where user-supplied input is passed directly to AI model providers. This represents a potential surface for indirect prompt injection.
  - Ingestion points: The 'prompt' field extracted from 'req.json()' in the Netlify Function example within SKILL.md.
  - Boundary markers: None are present in the provided code snippets.
  - Capability inventory: The skill enables interaction with external AI APIs (OpenAI, Anthropic, Google) via their SDKs.
  - Sanitization: No sanitization or validation logic is included in the documentation examples, which is common for instructional code snippets.
- [EXTERNAL_DOWNLOADS]: The skill instructions include commands to install standard, official SDKs from reputable AI providers via the npm package manager.
  - Mentions installation of 'openai', '@anthropic-ai/sdk', and '@google/generative-ai'.