ai-sdk
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions that explicitly command the AI to disregard its internal training data and previous knowledge regarding the AI SDK (e.g., "Everything you know about the AI SDK is outdated or wrong" and "Never rely on memory"). While intended to ensure technical accuracy, this is a form of behavioral override.
- [EXTERNAL_DOWNLOADS]: The skill fetches configuration data from the Vercel AI Gateway (ai-gateway.vercel.sh) and provides instructions to install official Node.js packages such as ai and @ai-sdk/devtools. These operations target official services and documentation associated with the Vercel AI ecosystem.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of fetching and processing external data.
  - Ingestion points: Technical documentation and search results are retrieved from the ai-sdk.dev API and local node_modules documentation paths.
  - Boundary markers: The instructions do not define specific delimiters or "ignore embedded instructions" warnings when interpolating retrieved documentation into the prompt context.
  - Capability inventory: The agent has capabilities to perform package installations (pnpm, npm), execute shell commands (curl, jq), and run local developer tools (npx).
  - Sanitization: No explicit validation or filtering mechanisms are defined for the content retrieved from external search results before it is processed by the model.