ai-sdk
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- Standard Package Installation: The skill references several official Vercel AI SDK packages (e.g.,
ai,@ai-sdk/react,@ai-sdk/mcp) for installation via standard package managers like npm and pnpm. This is expected behavior for developer documentation and targets verified vendor namespaces. - Environment Configuration: The skill documentation mentions managing environment variables like
VERCEL_OIDC_TOKENvia thevercel env pullcommand. This is a standard workflow for authenticating with Vercel's infrastructure and helps avoid hardcoding sensitive API keys. - Tool and Agent Capabilities: It demonstrates tool calling, agentic loops, and dynamic tool discovery via the Model Context Protocol (MCP). These functionalities are core features of the SDK and are used within the context of building AI applications.
- External Service Integration: Provides examples of integrating with MCP servers and various LLM providers (OpenAI, Anthropic, Google, etc.) through the AI Gateway. These integrations use established protocols and official provider SDKs.
Audit Metadata