The Agent Skills Directory

Prompt Injection (SAFE): No instructions were found that attempt to override agent behavior or bypass safety guidelines.- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths were detected. The use of variables like SECRET_KEY in code snippets is standard practice for configuration.- Remote Code Execution (SAFE): The skill does not perform any downloads or execution of remote scripts from untrusted sources.- Indirect Prompt Injection (LOW): While the skill defines endpoints that ingest untrusted data (path, query, and body parameters), it mitigates injection risks by using Pydantic for strict schema validation and SQLAlchemy for parameterized database queries.- Obfuscation (SAFE): No Base64 encoding, zero-width characters, or other obfuscation techniques were identified.- Dynamic Execution (SAFE): No use of eval(), exec(), or other dynamic code execution methods on untrusted data was found.

building-fastapi-apis