fastapi
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill implements a web API template that ingests untrusted data via JSON and Form inputs, establishing a surface for indirect prompt injection.
  - Ingestion points: Data enters the system via schemas.UserCreate, schemas.ItemCreate, and OAuth2PasswordRequestForm in router files (e.g., src/auth/router.py).
  - Boundary markers: The skill emphasizes the use of Pydantic schemas with explicit validation constraints (e.g., Field, min_length, EmailStr, gt=0) to validate and delimit input data.
  - Capability inventory: Capabilities are restricted to standard API operations: database interactions via SQLAlchemy, JWT token operations, and password hashing; no arbitrary command execution or dynamic code evaluation is present.
  - Sanitization: Input validation and sanitization are handled via Pydantic's type system and custom validators before processing.
- [EXTERNAL_DOWNLOADS]: The skill manages dependencies using the standard uv package manager and official Python registries.
  - Packages: It utilizes well-known libraries including fastapi, sqlalchemy, aiosqlite, python-jose, passlib, and pydantic-settings.
  - Source: All referenced dependencies and tools are industry-standard for the FastAPI ecosystem and do not originate from unknown or suspicious sources.
Audit Metadata