ai-sdk
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- External Network Operations: The skill fetches up-to-date model definitions from the official Vercel AI Gateway at
ai-gateway.vercel.sh. This network access is used to ensure the agent uses the most current model versions and follows vendor best practices. - Development Command Execution: The instructions utilize standard development tools and package managers (such as
pnpm,npm, andnpx) to manage dependencies and run utility scripts like@ai-sdk/devtools. This is expected behavior for a developer-oriented tool. - Local File System Interaction: The skill searches through the project's
node_modulesdirectory using standard utilities likegrepto find current documentation and API definitions. This allows the agent to provide accurate guidance based on the locally installed version of the SDK. - Data Processing Surface: The skill analyzes project metadata, such as
package.json, and processes external model lists to provide tailored implementation advice. While this represents a data ingestion surface, it is necessary for the skill's primary function of providing context-aware guidance.
Audit Metadata