fastapi-setup
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The Troubleshooting section contains the command curl -LsSf https://astral.sh/uv/install.sh | sh. This 'curl pipe to sh' pattern executes remote code on the host system without prior verification or integrity checks: whatever the server returns at run time is executed as-is, so a compromised or misdirected server, or a download that is cut off part way through, changes what runs. Because the source domain (astral.sh) is not on the trusted organizations list, this is classified as a high-risk finding.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill uses uv add to install numerous packages from the Python Package Index (PyPI), including fastapi, sqlmodel, and alembic. Dynamic installation of third-party code introduces supply-chain risk.
- [CREDENTIALS_UNSAFE] (SAFE): The .env.example file contains placeholder credentials such as user:password. These are clearly documentation templates and do not represent a leak of active credentials.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
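The finding above is about the execution pattern, not about uv itself. The added example below (written for this report, not taken from the audited skill or from astral.sh) shows the alternative a reviewer would ask for: download the installer to a file, compare its SHA-256 against a digest pinned in advance, and only then run it. The download function and the pinned-digest value are assumptions for illustration; the demo uses a constructed stand-in "installer" written to a temporary file so it runs offline.

```shell
#!/bin/sh
# Added example: replace `curl ... | sh` with download-to-file, pinned-hash
# verification, then execution. Not code from the audited skill.
set -u

# Portable SHA-256 of a file: GNU coreutils sha256sum, else BSD/macOS shasum.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# fetch_to_file URL DEST: download without executing anything.
# (Assumed usage; needs network. Forces HTTPS and a modern TLS floor.)
fetch_to_file() {
  curl -LsSf --proto '=https' --tlsv1.2 -o "$2" "$1"
}

# verify_then_run FILE EXPECTED_SHA256
# Runs FILE with sh only if its digest equals EXPECTED_SHA256 (a value you
# recorded from a reviewed copy, not one fetched from the same server).
# Returns 1 and executes nothing on mismatch.
verify_then_run() {
  file=$1
  expected=$2
  actual=$(sha256_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "hash mismatch for $file: expected $expected, got $actual" >&2
    return 1
  fi
  sh "$file"
}

# Demo with a constructed stand-in installer (no network involved): the
# "installer" just prints a line. Returns 0 when the good digest runs it and
# a wrong digest is refused.
demo() {
  tmp=$(mktemp)
  printf '%s\n' '#!/bin/sh' 'echo "installer ran"' > "$tmp"
  good=$(sha256_of "$tmp")
  if verify_then_run "$tmp" "$good"; then ok=0; else ok=1; fi
  bogus=0000000000000000000000000000000000000000000000000000000000000000
  if verify_then_run "$tmp" "$bogus" 2>/dev/null; then bad=0; else bad=1; fi
  rm -f "$tmp"
  [ "$ok" -eq 0 ] && [ "$bad" -eq 1 ]
}

# Real use (network, assumed): uncomment and fill in the digest you pinned
# after reviewing the script.
# fetch_to_file https://astral.sh/uv/install.sh /tmp/uv-install.sh
# verify_then_run /tmp/uv-install.sh "<pinned sha256 of the reviewed script>"
```

Note that the pinned digest has to come from a copy you read and stored yourself; a digest published next to the script on the same host only proves the download was not corrupted, not that the script is the one you reviewed. For the EXTERNAL_DOWNLOADS finding the matching control is a committed lockfile (uv lock, then uv sync --locked so the install fails rather than resolving anew) or pip's --require-hashes mode, so that the set of packages and their hashes are fixed at review time rather than at run time.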
Audit Metadata