FastAPI Modern Web Development
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides a code example for loading machine learning models using torch.load(). This function relies on the pickle module for deserialization, which can be exploited to execute arbitrary code if the loaded file (model.pth) is maliciously crafted.
- [PROMPT_INJECTION]: The skill describes an architecture for 'ML/AI Endpoint Design' that accepts untrusted text input via PredictionRequest.text and passes it directly to model prediction logic. This creates a surface for indirect prompt injection attacks. Evidence chain:
  - Ingestion points: Untrusted data enters via the text field in PredictionRequest and the UploadFile parameter in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the code examples.
  - Capability inventory: The skill demonstrates capabilities for network requests (using httpx) and file system writes (using aiofiles).
  - Sanitization: No sanitization or safety-specific filtering of the input text is provided beyond basic length validation.
- [PROMPT_INJECTION]: A metadata discrepancy exists between the expected author ('bobmatnyc') and the author specified in the skill's YAML frontmatter ('mcp-skillset'), which could indicate deceptive or misleading metadata.
Audit Metadata