ai-sdk-core

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill templates facilitate the interpolation of untrusted user data into AI prompts (as seen in templates/cloudflare-worker-integration.ts and templates/nextjs-server-action.ts), creating a surface for indirect prompt injection.
      • Ingestion points: Untrusted data is ingested via API request bodies and function arguments.
      • Boundary markers: Basic templates lack explicit delimiters to separate user input from system instructions.
      • Capability inventory: The skill demonstrates the use of tools capable of making network requests (e.g., fetch in references/tools-and-agents.md).
      • Sanitization: The skill proactively addresses this risk by including a sanitizePrompt function in references/production-patterns.md as a recommended best practice.
  • [EXTERNAL_DOWNLOADS]: Correctly references official packages and documentation from trusted organizations such as Vercel, OpenAI, Anthropic, Google, and Cloudflare.
  • [COMMAND_EXECUTION]: Uses standard development commands for package management (npm, bun) and includes instructions for using the official Vercel migration utility.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 02:28 PM