pydantic-ai-agent

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Flagged categories: REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (LOW): The file 'references/providers.md' contains a shell command for installing Ollama using a piped remote script ('curl -fsSL https://ollama.com/install.sh | sh'). This is a remote code execution pattern that bypasses package manager verification.
  • PROMPT_INJECTION (LOW): The architecture described in 'references/architecture.md' (Category 8) creates a surface for indirect prompt injection by processing untrusted user prompts through agents with functional tool access.
    • Ingestion points: The 'prompt' parameter in 'AgentService.chat' and 'AgentService.stream_chat'.
    • Boundary markers: No explicit delimiter or 'ignore embedded instructions' markers are present in the reference system prompt logic.
    • Capability inventory: The design includes 'ToolCollection' and 'ToolRegistry', which bind services like 'DatabaseService.query' and 'MyService.process' to agent actions.
    • Sanitization: There is no evidence of input validation or output sanitization in the provided architectural patterns.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:09 PM