Skills
skills/eng0ai/eng0-template-skills/fastapi-fullstack/Gen Agent Trust Hub

fastapi-fullstack

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill clones a repository from https://github.com/tiangolo/full-stack-fastapi-template.git. Since this repository is not part of the specified trusted organizations, it is treated as an unverifiable external dependency.
  • COMMAND_EXECUTION (MEDIUM): The setup process involves running pip install -r requirements.txt and docker compose up -d against files from the cloned repository. This allows for the execution of arbitrary scripts or binary packages defined by an external party.
  • PROMPT_INJECTION (LOW): The skill facilitates an indirect prompt injection surface. 1. Ingestion points: The entire directory structure of the cloned repository. 2. Boundary markers: None. 3. Capability inventory: pip install, docker compose, and uvicorn. 4. Sanitization: None.
  • DATA_EXPOSURE & EXFILTRATION (SAFE): No patterns of sensitive file access or network exfiltration of local data were detected.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:08 PM