fastapi
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The code templates demonstrate best practices for configuration management using a `Settings` class to handle sensitive data like `anthropic_api_key`. No hardcoded credentials or unauthorized exfiltration patterns were found.
- [Indirect Prompt Injection] (LOW): The skill defines patterns for ingesting external data through API endpoints and WebSockets which could serve as injection surfaces in a live application.
  - Ingestion points: `routers/agents.py` (POST/GET requests) and the WebSocket `receive_text` method.
  - Boundary markers: None present in the provided templates.
  - Capability inventory: The templates include service abstractions for LLM interaction (`LLMService`) and background task execution.
  - Sanitization: No explicit sanitization or validation logic beyond standard Pydantic schema validation is included in the templates.
- [Command Execution] (SAFE): Included bash commands are standard instructions for starting Uvicorn and Gunicorn servers. They do not include privilege escalation or suspicious flags.
Audit Metadata