fastapi-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The script 'scripts/run_ruff.py' performs an automated installation of the 'ruff' package from PyPI if it is missing from the environment. While 'ruff' is a reputable industry-standard tool, automated package installation represents an external dependency download.
- COMMAND_EXECUTION (LOW): The script 'scripts/run_ruff.py' executes system commands via 'subprocess.run' to perform linting and formatting on the local codebase. This is limited to the 'ruff' binary.
- PROMPT_INJECTION (LOW): The skill provides a surface for indirect prompt injection as it is designed to ingest and process codebase data while possessing command-execution capabilities (via the ruff script) without explicit boundary markers or instructions to ignore embedded prompts. Evidence Chain: 1. Ingestion points: codebase files processed by the agent; 2. Boundary markers: absent; 3. Capability: command execution in 'scripts/run_ruff.py'; 4. Sanitization: absent.
Audit Metadata