pydantic-ai
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The documentation describes agents that ingest untrusted external data via tools such as
WebSearchToolandWebFetchTool, creating an attack surface for indirect prompt injection. - Ingestion points: Untrusted data enters the agent context through search results and web content fetching as described in
references/tools.mdandreferences/tools.md. - Boundary markers: There is no documentation regarding the use of delimiters or instructions to prevent the agent from executing commands found within processed data.
- Capability inventory: The framework allows for high-privilege actions including subprocess execution via
MCPServerStdioand provider-native code execution tools. - Sanitization: The documentation does not specify methods for sanitizing or validating external content before it is processed by the model.
- [SAFE]: The metadata in
SKILL.mdincludes a future release date and fictional model versions. While synthetic, this does not appear to be an attempt at malicious deception or phishing.
Audit Metadata