Skills
skills/tambo-ai/tambo/ai-sdk-model-manager/Gen Agent Trust Hub

ai-sdk-model-manager

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill performs npm install for packages under the @ai-sdk organization. These are managed by Vercel, which is a recognized trusted organization. Per [TRUST-SCOPE-RULE], the risk is downgraded to LOW.
  • [COMMAND_EXECUTION] (LOW): The skill executes multiple shell commands, including project-specific test suites (npm run test) and GitHub CLI operations (gh pr create). While standard for developers, these involve executing scripts that could be modified in the local environment.
  • [PROMPT_INJECTION] (LOW): The use of a 'researcher subagent' to pull data from external websites creates an Indirect Prompt Injection surface (Category 8).
  • Ingestion points: External web content fetched during Step 3.
  • Boundary markers: None explicitly specified for the research context.
  • Capability inventory: File writing, npm install, and npm run test execution.
  • Sanitization: No explicit sanitization or filtering of web content before it is proposed for inclusion in the codebase.
  • Mitigation: The skill incorporates a mandatory user approval step (Step 4) and quality checks (Step 8) which act as a human-in-the-loop firewall.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:51 PM