ai-sdk-ui-master
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill documents a system architecture for processing user input through agents with powerful tool access.
  - Ingestion points: User input is received via the useChat hook and Next.js API routes (app/api/chat/route.ts).
  - Boundary markers: The provided documentation and code templates do not include explicit delimiters or instructions to ignore embedded prompts in processed messages.
  - Capability inventory: The documented stack includes high-privilege tools such as execa-tool.tsx (shell command execution), github-tools.tsx (repository management), and browser-tool.tsx (automated web interaction).
  - Sanitization: The documentation lacks specific instructions or logic for sanitizing or validating user input before it is interpolated into agent prompts or passed to tools.
- [NO_CODE]: The skill consists entirely of markdown documentation and configuration references with no executable scripts or binaries included.