ai-sdk
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use
grepandglobcommands to search through local documentation and source files within thenode_modules/ai/and@ai-sdk/directories. This is a legitimate way to provide up-to-date developer support by accessing the code and docs installed in the user's environment. - [EXTERNAL_DOWNLOADS]: The skill references and fetches markdown content from
ai-sdk.dev, which is the official and well-known domain for the Vercel AI SDK. These requests are used to provide the latest API details when local files are unavailable or outdated. - [SAFE]: No evidence of prompt injection, obfuscation, or unauthorized data exfiltration was detected. The reference files use non-sensitive placeholders for API keys and configuration.
Audit Metadata