ai-sdk-core
Build backend AI with Vercel AI SDK v6 stable. Covers Output API (replaces generateObject/streamObject), speech synthesis, transcription, embeddings, MCP tools with security guidance. Includes v4→v5 migration and 15 error solutions with workarounds. Use when: implementing AI SDK v5/v6, migrating versions, troubleshooting AI_APICallError, Workers startup issues, Output API errors, Gemini caching issues, Anthropic tool errors, MCP tools, or stream resumption failures.
81
82%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Security
3 findings — 3 medium severity. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md shows runtime ingestion of dynamic MCP tool definitions (experimental_createMCPClient -> mcpClient.tools() using an external MCP server/process, e.g., "npx -y @modelcontextprotocol/server-filesystem"), which fetches untrusted third‑party tool definitions that are incorporated into the agent's tools/prompt and can materially alter tool use and agent behavior, enabling indirect prompt injection.
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 1.00). The skill invokes an MCP client using a stdio transport that runs "npx -y @modelcontextprotocol/server-filesystem" at runtime, which fetches and executes remote npm package code to supply MCP tool definitions that become part of the agent prompt and thus directly control instructions.
W009: Direct money access capability detected (payment gateways, crypto, banking)
What this means
The skill is specifically designed for direct financial operations, giving the agent the ability to move money or execute financial transactions — such as payment processing, cryptocurrency operations, banking integrations, or market order execution.
Why it was flagged
Direct money access detected (high risk: 1.00). The skill includes an explicit payment tool example: a tool named "payment" with an inputSchema ({ amount }) and an execute handler whose comment is "process payment". The Tool/Agent guidance also discusses dynamic approval based on payment amount (needsApproval for amount > 1000). Although it doesn't call Stripe/PayPal by name, the tool is explicitly defined to perform payment processing (i.e., move money), so it is specifically designed for financial execution rather than being a generic utility.
- Repository
- jezweb/claude-skills
- Commit
fa91c34
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.