fastapi-expert
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): The skill defines a specialist role without any instructions to bypass safety filters or ignore system prompts.
- Data Exposure & Exfiltration (SAFE): The code templates correctly utilize configuration objects (settings.SECRET_KEY, settings.DATABASE_URL) and explicitly forbid hardcoding credentials. It also demonstrates best practices for excluding sensitive fields (like passwords) from API responses.
- Obfuscation (SAFE): No encoded strings, zero-width characters, or homoglyphs were detected.
- External Downloads & RCE (SAFE): The skill references standard, reputable Python packages (FastAPI, Pydantic, SQLAlchemy, etc.) and does not include any patterns for remote script execution.
- Privilege Escalation (SAFE): No use of sudo or modification of system-level permissions.
- Persistence Mechanisms (SAFE): The skill focuses solely on application development and does not attempt to modify startup scripts or system tasks.
- Indirect Prompt Injection (SAFE): While the skill assists in building APIs that process external data, its instructions heavily prioritize strict schema validation and type safety, which are key defenses against such attacks. It does not provide tools to ingest untrusted data into the agent context itself.
Audit Metadata