ai-sdk
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill mandates the execution of shell commands (curl, jq, and grep) to fetch model information from a remote API (ai-gateway.vercel.sh) and search local files. Direct shell command execution is a high-risk pattern that can be exploited if the commands are modified or if the outputs contain malicious sequences interpreted by the agent.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection (Category 8). It explicitly instructs the agent to disregard its training data and rely exclusively on external documentation from ai-sdk.dev. Ingestion points: Documentation files and API search results from ai-sdk.dev. Boundary markers: None. Capability inventory: Package installation (pnpm), code modification/writing, and command execution (curl, jq, grep, typecheck). Sanitization: None. An attacker who controls the remote documentation could trigger unauthorized package installations or malicious code modifications.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill allows for the installation of Node.js packages (ai, @ai-sdk/openai, @ai-sdk/react) via pnpm based on project needs. While these are common packages, the automatic installation triggered by instructions in the skill or documentation presents a security risk if the agent is misled.
Recommendations
- AI detected serious security threats
Audit Metadata