api-design-principles
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The provided Python script assets/rest-api-template.py contains a standard uvicorn.run() call for local testing purposes. This is common for boilerplate API code and does not execute arbitrary or malicious commands.
- EXTERNAL_DOWNLOADS (SAFE): No remote scripts or binary downloads are initiated by the skill. All dependencies mentioned (FastAPI, Pydantic, etc.) are standard Python packages for the stated purpose.
- CREDENTIALS_UNSAFE (SAFE): No hardcoded API keys, tokens, or private secrets were found. The templates use placeholder patterns like 'your-api-key-here' or 'TODO' comments for production security configurations.
- DATA_EXFILTRATION (SAFE): The skill does not access sensitive local file paths (like ~/.ssh or ~/.aws) and does not perform any outbound network requests to untrusted domains.
- PROMPT_INJECTION (SAFE): No instructions designed to override agent behavior or bypass safety filters were detected in the markdown files.
Audit Metadata