python-backend-development
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Architecture] (SAFE): The skill defines a clean, layered architecture (Router → Service → Repository → Model) for FastAPI applications. It provides high-quality boilerplate code that follows modern Python development standards.
- [Security Practices] (SAFE): Explicitly enforces security-first patterns including Argon2id for password hashing, Pydantic for input validation, and SQLAlchemy ORM for parameterized query execution to prevent SQL injection.
- [Command Execution] (LOW): The skill allows the
Bashtool and provides instructions for managing database migrations via Alembic. While this allows local command execution, the patterns provided are standard development workflows and do not include suspicious or obfuscated scripts. - [Data Exposure] (SAFE): No hardcoded secrets or sensitive data exfiltration patterns were detected. Configuration examples, such as the
alembic.inidatabase URL, use clear placeholders (user:pass@localhost). - [Indirect Prompt Injection] (LOW): As a code-generation skill that reads and edits local files, it has a surface for indirect prompt injection if processing untrusted files. However, it does not provide methods to automatically execute untrusted data or communicate with external network endpoints beyond standard development tools.
Audit Metadata