django-drf
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious patterns or security risks were detected in the analyzed files.
- [PROMPT_INJECTION] (SAFE): The skill does not contain instructions designed to override agent behavior or bypass safety guardrails. All content is educational and instructional in a benign context.
- [DATA_EXFILTRATION] (SAFE): There are no hardcoded secrets, API keys, or unauthorized network operations. The code examples demonstrate secure data handling and prevent information disclosure.
- [REMOTE_CODE_EXECUTION] (SAFE): No remote script downloads (e.g., curl | bash) or dangerous dynamic execution functions (e.g., eval, exec) were found. The examples provided follow standard Django/DRF architectural patterns.
- [INDIRECT_PROMPT_INJECTION] (SAFE):
- Ingestion points: API input parameters described in
references/json-api-conventions.mdandassets/security_patterns.py. - Boundary markers: The documentation focuses on field-level validation and schema enforcement.
- Capability inventory: No subprocess calls or network operations; behavior is limited to data validation and filtering.
- Sanitization: Explicitly demonstrates field-level sanitization (e.g.,
validate_uidinassets/security_patterns.py) and parameterized SQL queries to prevent injection.
Audit Metadata