pydantic-dev

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The documentation describes features that ingest external data (JSON, Python dicts) and map them to types with execution side effects. Ingestion points: model_validate_json (references/examples/files.md), TypeAdapter.validate_python (references/concepts/type_adapter.md). Boundary markers: Absent in example code. Capability inventory: ImportString (references/api/types/ImportString.md), create_model (references/api/base_model/create_model.md). Sanitization: Not demonstrated; documentation explicitly warns about RCE in create_model.
  • [Remote Code Execution] (HIGH): The create_model function and ImportString type provide mechanisms for dynamic code evaluation and module loading. The documentation for create_model.md explicitly warns that it can execute arbitrary code contained in field annotations. ImportString.md demonstrates importing Python objects from strings, which is exploitable if inputs are attacker-controlled.
  • [Dynamic Execution] (MEDIUM): Multiple files describe runtime code generation or dynamic loading. ImportString performs dynamic loading from computed paths. create_model performs dynamic code generation based on annotations. These are documented as features but represent high-risk primitives in an AI agent context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:03 AM