python-fastapi-patterns

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Finding category: CREDENTIALS_UNSAFE
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): Hardcoded database credentials in application template.
      • Evidence: In assets/fastapi-template.py, the Settings class provides a default database_url of "postgresql+asyncpg://user:pass@localhost/db".
      • Risk: Developers using this template might deploy applications with default credentials, allowing unauthorized database access.
  • [CREDENTIALS_UNSAFE] (HIGH): Hardcoded API key in dependency injection example.
      • Evidence: In references/dependency-injection.md, the get_api_key function uses a hardcoded comparison: if x_api_key != "secret":.
      • Risk: If copied as-is, this creates a vulnerability where the application is protected by a well-known, insecure password.
  • [DATA_EXFILTRATION] (LOW): Permissive CORS configuration in debug mode.
      • Evidence: assets/fastapi-template.py allows all origins ("*") when the application is in debug mode.
      • Risk: This encourages insecure configurations that could lead to data exposure if debug mode is accidentally enabled in production.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 09:01 PM