ai-gateway
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@vesely/ai-gateway-clipackage from the NPM registry. This package is provided by the same author as the skill ('Vesely') and is a legitimate vendor resource.- [COMMAND_EXECUTION]: The skill executes theai-gatewayCLI to perform content generation. This is the primary intended function of the skill.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it supports piping external file content directly into the generator tool (e.g.,cat file.md | ai-gateway ...). - Ingestion points: External file content via stdin (mentioned in
SKILL.md). - Boundary markers: None provided in instructions or command templates.
- Capability inventory: Executes generation commands; no file-write or network-send capabilities beyond those of the specific generation tool.
- Sanitization: No sanitization of the piped input is performed by the skill instructions.
Audit Metadata