The Agent Skills Directory

Dynamic Execution (MEDIUM): The script scripts/generate_openapi.py uses importlib to dynamically load and execute Python modules from a user-provided file path. Specifically, spec.loader.exec_module(module) is called on the resolved path of the target application. While this is necessary for extracting OpenAPI schemas from FastAPI instances without running a server, it allows for the execution of arbitrary code if the target file is malicious.
Network Operations (LOW): The scripts/benchmark_endpoints.py utility uses aiohttp to perform a large volume of concurrent network requests to a user-specified base URL. This is intended behavior for a load-testing tool but could be misused for simple denial-of-service tests or internal network scanning if used by an agent without oversight.
Safe Credential Practices (SAFE): The .env.example file and README documentation correctly use placeholders such as your-secret-key-here and postgresql://user:pass@localhost:5432/db for configuration, ensuring no actual secrets are exposed in the repository.

implementing-api-patterns