The skill allows arbitrary code execution and file system writes,
Claims to do
AI Functions Examples: The `examples/ai-functions/` directory contains scripts for validating, testing, and iterating on AI SDK functions across providers.
Actually does
This skill provides documentation and a framework for developing and running TypeScript examples that utilize the AI SDK. These examples, executed via `pnpm tsx`, interact with various AI provider APIs (e.g., OpenAI, Google, Amazon Bedrock) for tasks like text generation, object generation, embeddings, image generation, speech generation, transcription, and reranking, loading configurations from `.env` files. It includes utilities for error handling, streaming output, and saving generated media.
npx skills add https://github.com/vercel/ai --skill develop-ai-functions-exampleThe skill is designed for 'creating, running, or modifying examples' using `pnpm tsx` to execute TypeScript files and defining tools with arbitrary `execute` functions. This capability, if exploited, allows an attacker to inject and execute arbitrary code, leading to potential system compromise, reverse shells, or data manipulation.
description: Develop examples for AI SDK functions. Use when creating, running, or modifying examples under examples/ai-functions/src; pnpm tsx src/generate-text/openai.ts; execute: async ({ param }) => { ... }The `run.ts` utility, used by all examples, loads environment variables from `.env` files. This exposes potentially sensitive credentials or API keys to any executed script or tool, creating a risk of credential theft if an attacker can control the executed code.
`run.ts` which: - Loads environment variables from `.env`
Utilities like `save-raw-chunks.ts` and `save-audio.ts` enable writing data directly to the file system. This capability could be abused for data exfiltration, persistence, or data destruction if an attacker can manipulate the content or destination of these write operations.
`save-raw-chunks.ts | Save streaming chunks for test fixtures`, `save-audio.ts | Save audio files to disk`
[](https://mondoo.com/ai-agent-security/skills/github/vercel/ai/develop-ai-functions-example)<a href="https://mondoo.com/ai-agent-security/skills/github/vercel/ai/develop-ai-functions-example"><img src="https://mondoo.com/ai-agent-security/api/badge/github/vercel/ai/develop-ai-functions-example.svg" alt="Mondoo Skill Check" /></a>https://mondoo.com/ai-agent-security/api/badge/github/vercel/ai/develop-ai-functions-example.svgSkills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.