ai-sdk
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches model definitions and documentation from well-known and official Vercel services, including ai-gateway.vercel.sh and ai-sdk.dev.
- [COMMAND_EXECUTION]: Instructs the agent to utilize standard CLI tools such as curl, jq, grep, pnpm, and npx to manage dependencies, search local files, and retrieve model metadata.
- [CREDENTIALS_UNSAFE]: References environment variable configurations for authentication using safe placeholders (e.g., 'your_api_key_here') instead of exposing hardcoded secrets.
- [PROMPT_INJECTION]: The skill processes external documentation and source code at runtime, presenting a surface for indirect prompt injection. Ingestion points: local node_modules and ai-sdk.dev. Boundary markers: Absent. Capability inventory: curl, grep, jq, pnpm, npx. Sanitization: Absent.
Audit Metadata