Rules
All ESLint security rules provided by eslint-plugin-vercel-ai-security
19 Security Rules
Comprehensive coverage of Vercel AI SDK security including prompt injection, output handling, and tool safety.
All Rules
| Rule | 🧠 | 💼 | 🔧 | 💡 | ⚠️ | Docs |
|---|---|---|---|---|---|---|
| no-dynamic-system-prompt This rule identifies code patterns where system prompts contain dynamic or user-controlled content | 🟢 | |||||
| no-hardcoded-api-keys This rule identifies hardcoded API keys, tokens, and secrets in your codebase that are used with AI SDK providers | 🟢 | |||||
| no-sensitive-in-prompt This rule identifies code patterns where sensitive data like passwords, API keys, tokens, or personally identifiable ... | 🟢 | |||||
| no-system-prompt-leak This rule identifies code patterns where system prompts or AI instructions are returned in API responses, logged, or ... | 🟢 | |||||
| no-training-data-exposure This rule identifies code patterns where user data might be sent to LLM training endpoints or when training data coll... | 🟢 | |||||
| no-unsafe-output-handling This rule identifies code patterns where AI-generated output is passed directly to dangerous functions that can execu... | 🟢 | |||||
| require-abort-signal This rule identifies streaming AI SDK calls (streamText, streamObject) that don't include an AbortSignal for cancella... | 🟢 | |||||
| require-audit-logging This rule identifies AI SDK calls that aren't preceded by logging statements | 🟢 | |||||
| require-embedding-validation This rule identifies code patterns where embeddings are stored in vector databases without validation. | 🟢 | |||||
| require-error-handling This rule identifies AI SDK calls that aren't wrapped in try-catch blocks | 🟢 | |||||
| require-max-steps This rule identifies AI SDK calls that use tools but don't specify a maxSteps limit | 🟢 | |||||
| require-max-tokens This rule identifies AI SDK calls that don't specify a maxTokens limit | 🟢 | |||||
| require-output-filtering This rule identifies tool execute functions that return raw data from data sources (databases, APIs, file systems) wi... | 🟢 | |||||
| require-output-validation This rule identifies code patterns where AI-generated output is displayed to users without validation or fact-checking. | 🟢 | |||||
| require-rag-content-validation This rule identifies code patterns where content retrieved from vector stores or document retrieval systems is used d... | 🟢 | |||||
| require-request-timeout This rule identifies AI SDK calls that don't have timeout or abort signal configuration. | 🟢 | |||||
| require-tool-confirmation This rule identifies destructive tools (delete, transfer, execute, etc.) that don't require human confirmation before... | 🟢 | |||||
| require-tool-schema Get weather | 🟢 | |||||
| require-validated-prompt This rule identifies code patterns where user-controlled input is passed directly to AI prompts without validation or... | 🟢 |
Rule Categories
Prompt Injection Prevention
Rules detecting dynamic system prompts, sensitive data in prompts, and system prompt leaks.
Output Security
Rules requiring output validation, filtering, and safe handling of AI responses.
Tool & Function Safety
Rules requiring tool confirmation, schema validation, and proper error handling.
Resource Limits
Rules enforcing max tokens, max steps, request timeouts, and abort signals.
Audit & Compliance
Rules requiring audit logging and RAG content validation.