fastapi-builder
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [DYNAMIC_EXECUTION]: The skill contains scripts (
scripts/init_project.py,scripts/generate_crud.py) that perform automated code generation. These scripts take user-provided inputs (such as project names, model names, and field types) and interpolate them into Python source code templates which are then written to the filesystem. This behavior is the primary intended function of the tool, serving to bootstrap professional FastAPI projects. - [INDIRECT_PROMPT_INJECTION]: The code generation logic creates a surface for potential injection as user-provided strings are directly interpolated into executable Python files without sanitization.
- Ingestion points: CLI arguments passed to
scripts/init_project.pyandscripts/generate_crud.py(e.g., project names, model names). - Boundary markers: None identified in the generated templates.
- Capability inventory: The scripts have the capability to write Python source files to the local filesystem using
Path.write_text. - Sanitization: No escaping or validation is performed on the input strings before they are embedded into the generated Python code.
Audit Metadata