skills/vercel-labs/ai/ai-sdk/Gen Agent Trust Hub

ai-sdk

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [Command Execution]: The skill uses curl to retrieve model listings from the Vercel AI Gateway and grep to search within the project's node_modules. These commands are used to provide the agent with the most current model IDs and API documentation.
  • [Package Installation]: The instructions include standard package management commands like pnpm add to install the official ai package and npx to run developer tools. These actions are limited to official Vercel-maintained software.
  • [Indirect Prompt Injection Surface]: The agent is instructed to search for information in local source code and remote documentation at ai-sdk.dev. This pattern is a standard documentation-lookup method but represents a surface for indirect instructions. Ingestion points: Local node_modules and the ai-sdk.dev website. Boundary markers: None. Capability inventory: curl, grep, pnpm, and npx. Sanitization: None.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 06:19 PM