fastapi-backend-template
Audited by Socket on Feb 21, 2026
1 alert found:
Malware
[Skill Scanner] Destructive bash command detected (rm -rf, chmod 777)

All findings:
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]

The fragment is benign as a project setup template. It does not contain covert data flows, credential exposure, or malicious capabilities. The presence of a GitHub clone URL is normal for templates and does not introduce risk by itself.

LLM verification: This file is a setup README for a FastAPI template and does not itself contain executable application code. The main security concerns are operational and supply-chain: (1) Documentation instructs destructive shell commands (rm -rf, mv of hidden files) that can cause accidental data loss and should include explicit warnings and safer alternatives; (2) pip install -r requirements.txt and git clone present standard supply-chain risks — inspect and pin dependencies, verify package hashes, and audit