integrating-ai

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to install several Node.js packages, including 'ai', '@ai-sdk/openai', and '@ai-sdk/anthropic'. These packages are maintained by Vercel, which is a trusted organization, and are recognized as standard dependencies for AI integrations.
  • [PROMPT_INJECTION]: The skill provides boilerplate code for an API route that processes user-provided chat messages. While this is standard for chat applications, it presents a vulnerability surface for indirect prompt injection.
    - Ingestion points: User-provided data enters the system through the 'req.json()' call in 'app/api/chat/route.ts'.
    - Boundary markers: None are present in the provided code snippets.
    - Capability inventory: The implementation performs network requests to AI model providers via the 'streamText' function.
    - Sanitization: No explicit input sanitization or validation is included in the example code, representing a standard surface for indirect injection in the final application.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 01:34 AM