Skills
skills/vijaykpatel/favorite_skills_and_plugins/ai-sdk/Gen Agent Trust Hub

ai-sdk

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill uses directive language such as 'Everything you know about the AI SDK is outdated or wrong' and 'Never rely on memory' to override the agent's pre-trained knowledge. While intended for accuracy, this mirrors prompt injection patterns used to bypass internal constraints.
  • [COMMAND_EXECUTION] (LOW): The skill instructs the agent to run local shell commands including grep for searching files and pnpm add for package management. It also specifies a complex curl | jq pipeline to retrieve and parse model IDs from a remote endpoint.
  • [EXTERNAL_DOWNLOADS] (LOW): The agent is directed to perform network requests to https://ai-gateway.vercel.sh/v1/models and download the ai package from the npm registry. As Vercel is a trusted organization, these findings are downgraded according to the TRUST-SCOPE-RULE.
  • [PROMPT_INJECTION] (LOW): Risk of Indirect Prompt Injection exists via the processing of external model data.
  • Ingestion points: https://ai-gateway.vercel.sh/v1/models referenced in SKILL.md and references/ai-gateway.md.
  • Boundary markers: Absent; the agent is instructed to parse the raw JSON output directly with jq.
  • Capability inventory: The skill has access to shell execution (curl, pnpm, grep) and filesystem interaction.
  • Sanitization: None; the agent assumes the remote JSON structure and content are safe and accurate.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 04:23 PM