ai-sdk
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE; PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): The skill uses explicit override instructions such as 'Everything you know about the AI SDK is outdated or wrong' and 'Never rely on memory'. While these are functional requirements for SDK accuracy, they match the pattern of instruction-bypass injections.
- COMMAND_EXECUTION (LOW): The skill instructs the agent to execute `curl`, `jq`, and `grep` commands to interact with remote APIs and local files. These are used for legitimate developer tasks such as fetching model IDs and searching documentation.
- EXTERNAL_DOWNLOADS (LOW): The skill fetches data from `ai-gateway.vercel.sh` and `ai-sdk.dev`. Because Vercel is a trusted organization, the severity of these external references is downgraded to LOW per the [TRUST-SCOPE-RULE].
- INDIRECT_PROMPT_INJECTION (LOW): Vulnerability surface detected.
  - Ingestion points: Data is ingested via `curl` from `ai-gateway.vercel.sh/v1/models` and via documentation search from `ai-sdk.dev`.
  - Boundary markers: Absent; the agent is not instructed to treat the fetched JSON or documentation as untrusted.
  - Capability inventory: The skill uses `curl`, `jq`, `pnpm`, and `grep`.
  - Sanitization: Absent; the fetched model IDs and documentation are processed directly into the agent's context.
Audit Metadata