ai-sdk-5
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill handles untrusted user input as part of its primary purpose for building chat features. While it creates a potential ingestion point for indirect prompt injection, it follows standard SDK patterns.
  - Ingestion points: req.json() in server-side route handlers (e.g., app/api/chat/route.ts).
  - Boundary markers: Not explicitly shown in documentation snippets.
  - Capability inventory: Metadata requests access to Bash, Write, and WebFetch, which should be monitored if the agent uses these for autonomous action.
  - Sanitization: Standard SDK methods are used, but specific input sanitization is left to the developer implementation.
- [COMMAND_EXECUTION] (SAFE): The skill requests broad tool permissions in the frontmatter (Bash, Write, Task). However, the provided code snippets are strictly educational and do not contain any active or malicious command execution strings.
Audit Metadata