ai-sdk
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the agent to install packages such as ai, @ai-sdk/openai, and @ai-sdk/devtools using project package managers. These originate from Vercel, a trusted organization.
- [COMMAND_EXECUTION] (LOW): The skill contains commands to fetch model lists (curl https://ai-gateway.vercel.sh/v1/models) and process the output with jq. It also suggests using grep to search local node_modules. These operations are limited to the skill's primary purpose of providing AI SDK support.
- [PROMPT_INJECTION] (LOW): Includes instructions to 'disregard internal knowledge' ('Everything you know about the AI SDK is outdated or wrong'). While this matches override patterns, it is used here to prioritize current documentation over potentially stale model training data.
- [INDIRECT PROMPT INJECTION] (LOW): The skill identifies a surface for indirect prompt injection by ingesting data from node_modules and the ai-sdk.dev website.
  - Ingestion points: Reads local files in node_modules/ai/ and fetches documentation from https://ai-sdk.dev.
  - Boundary markers: Absent. The skill does not explicitly instruct the agent to ignore instructions embedded within the documentation it reads.
  - Capability inventory: Can execute shell commands (grep, curl, jq) and install packages (pnpm, npm, npx).
  - Sanitization: Absent. Documentation content is processed directly for answering queries.
Audit Metadata