NYC

fastapi-microservices-development

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The content is largely legitimate FastAPI examples but includes high-risk insecure patterns — notably untrusted pickle deserialization from Redis (possible remote code execution), hard-coded secrets and some unsafe practices — though I found no explicit backdoor, covert exfiltration code, or obfuscated payloads.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill includes endpoints that ingest and process untrusted user-generated content—e.g., file_upload.py's /upload and /upload-multiple (UploadFile saved and processed) and websocket_chat.py's WebSocket endpoints that receive and broadcast arbitrary client messages—so the agent would read/handle third-party content as part of runtime behavior.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 12:31 AM