fastapi

Fail

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: CRITICAL (PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface through its file handling examples in references/advanced.md.
  • Ingestion points: The (unknown) path parameter in the /download/(unknown) endpoint accepts arbitrary string input from users.
  • Boundary markers: No delimiters or directory-restriction logic is included in the example code to ensure the path remains within the intended files/ directory.
  • Capability inventory: The skill demonstrates file-read capabilities using open(file_path, "rb") and StreamingResponse.
  • Sanitization: The provided example file_path = Path(f"files/(unknown)") lacks sanitization or validation of the filename parameter, making it susceptible to path traversal attacks (e.g., inputting ../../etc/passwd to read sensitive system files).
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 25, 2026, 10:49 AM