api-design-principles
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- [DATA_EXPOSURE] (LOW): The FastAPI template in assets/rest-api-template.py uses permissive defaults for CORS (allow_origins=["*"]) and Trusted Hosts (allowed_hosts=["*"]). While these are common for development templates and include explicit 'TODO' comments for production configuration, they represent a minor security best-practice violation in a production context.
- [COMMAND_EXECUTION] (SAFE): The Python code in assets/rest-api-template.py and references/graphql-schema-design.md uses standard library and framework features for API serving and validation. No arbitrary command execution or shell injection points were detected.
- [PROMPT_INJECTION] (SAFE): The markdown files contain structured checklists and documentation. No instructional text was found that attempts to override agent behavior, bypass safety filters, or extract system prompts.
- [INDIRECT_PROMPT_INJECTION] (INFO): The API templates define data ingestion surfaces (HTTP endpoints and GraphQL resolvers). However, the skill provides these as defensive templates (e.g., using Pydantic for validation and complexity limits for GraphQL) rather than processing untrusted data itself.
Audit Metadata