fastapi-expert
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill possesses a standard attack surface for indirect prompt injection. \n
- Ingestion points: User-provided code snippets and development instructions processed for API creation. \n
- Boundary markers: Absent; no specific delimiters or ignore-instruction warnings are present to isolate untrusted user data. \n
- Capability inventory: Access to Bash (python, pip, uvicorn), Read, Write, and Edit tools. \n
- Sanitization: Absent; no explicit sanitization of input before processing or tool execution. \n- [EXTERNAL_DOWNLOADS] (LOW): The skill allows the use of pip for package installation. While essential for the primary purpose of a FastAPI expert, it carries a risk of installing unverifiable or malicious dependencies. \n- [COMMAND_EXECUTION] (LOW): The skill permits running python scripts and uvicorn servers. This capability is downgraded from MEDIUM to LOW as it is required for the intended purpose of web development and testing.
Audit Metadata