ai-sdk
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes shell commands including
curl,jq,grep, andnpxto fetch model lists, search local documentation innode_modules, and launch development tools. These operations are consistent with the skill's primary purpose of supporting AI SDK development. - [EXTERNAL_DOWNLOADS] (LOW): The skill performs network requests to
https://ai-gateway.vercel.shandhttps://ai-sdk.devto retrieve current API metadata and documentation. It also recommends installing packages from the@ai-sdkscope. These targets are recognized as trusted external sources associated with Vercel. - [DATA_EXFILTRATION] (SAFE): No patterns of sensitive data exposure or exfiltration were detected. Network operations are focused on retrieving public information and do not involve sensitive local files like SSH keys or environment secrets.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses a vulnerability surface by ingesting external data from documentation APIs and local library files while having shell execution capabilities. However, the risk is mitigated by the trusted nature of the sources.
- Ingestion points:
node_modules/ai/docs/,https://ai-sdk.dev/api/search-docs. - Boundary markers: Absent.
- Capability inventory:
curl,jq,grep,pnpm,npx. - Sanitization: Absent.
Audit Metadata