FastAPI Real-Time Features
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted input through WebSockets and Email templates, which establishes a surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context via the websocket_endpoint (through handle_message), file uploads (via upload_file), and email rendering (via context variables in EmailService.send).
- Boundary markers: The implementation lacks explicit delimiters or specific instructions to ignore embedded commands within the processed data.
- Capability inventory: The skill includes scripts with capabilities for S3 bucket operations (upload and delete), SMTP email transmission, and real-time message broadcasting to all connected users.
- Sanitization: While basic validation for file size and content types is present, the Jinja2 environment is not explicitly configured with auto-escaping, and WebSocket message content is broadcast to rooms without filtering or sanitization.
Audit Metadata