ai-serving-apis
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill templates establish a vulnerable surface by processing untrusted data from external API callers and passing it to a language model.
  - Ingestion points: `QueryRequest.query` in `server.py`, and `SearchRequest.question` and `ClassifyRequest.text` in `examples.md`, are all entry points for untrusted user input.
  - Boundary markers: Absent. Input is interpolated directly into the DSPy program call (e.g., `program(query=request.query)`).
  - Capability inventory: The skill possesses network capability via `dspy.LM` to communicate with LLM providers and returns the generated output to the caller (external output).
  - Sanitization: Absent. No filtering or validation is performed on the input string beyond basic length checks.
- Unsafe Configuration Override (LOW): The `query` and `search` endpoints allow callers to override the `model` and `temperature` via the request body. While functional, this allows unauthenticated users to potentially use more expensive models or force the model into unstable configurations if the API is exposed without an authentication layer.
Audit Metadata