skills/jezweb/claude-skills/fastapi/Gen Agent Trust Hub

fastapi

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): No instructions to override agent behavior, bypass safety filters, or extract system prompts were detected in the documentation or code comments.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials or access to sensitive local file paths (e.g., ~/.ssh) were found. The secret keys used in templates are clearly marked as placeholders for production use.
  • Obfuscation (SAFE): The code and documentation are written in plain text without any use of Base64 encoding, zero-width characters, or homoglyph-based evasion techniques.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): All dependencies listed in pyproject.toml and the README are standard, well-maintained libraries from the Python ecosystem. No use of dynamic code execution (eval/exec) or piped remote script installation was detected.
  • Indirect Prompt Injection (LOW): The skill defines an API surface that ingests untrusted user data (e.g., user registration and login). While this is an attack surface, the skill uses standard Pydantic validation and password hashing (bcrypt), which are appropriate safeguards for this architecture.
  • Persistence Mechanisms (SAFE): The skill does not attempt to modify system startup files, cron jobs, or shell profiles.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 04:35 PM