ai-sdk-model-manager
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Updates AI SDK packages including @ai-sdk/openai, @ai-sdk/google, and others from the npm registry. These are well-known, official packages from a trusted organization.
- [COMMAND_EXECUTION]: Executes shell commands to manage node packages, inspect TypeScript definitions, and interact with GitHub via `gh pr create`. These actions are legitimate and necessary for the skill's stated purpose of automating repository maintenance.
- [PROMPT_INJECTION]: Contains an indirect prompt injection surface through the ingestion of external data from web-based research subagents used to update source files.
  - Ingestion points: Research results gathered from the web in Step 3.
  - Boundary markers: None explicitly defined in the prompt instructions; however, Step 4 introduces a human-in-the-loop checkpoint which significantly mitigates the risk of automated misbehavior.
  - Capability inventory: The skill has the ability to modify project source code, update documentation, and manage dependencies.
  - Sanitization: No explicit sanitization steps are described for the external data before it is used to generate TypeScript code snippets.
Audit Metadata