pydantic-ai
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [SAFE]: The skill provides documentation and examples for PydanticAI, a reputable Python library for building AI agents. It follows secure coding practices by advising against hardcoding credentials.
- [DATA_EXFILTRATION]: No data exfiltration risks were identified. Examples demonstrate fetching data from the well-known weather service 'wttr.in' without exposing sensitive information.
- [PROMPT_INJECTION]: The skill facilitates the development of agents that handle external inputs, which inherently presents a surface for indirect prompt injection.
  - Ingestion points: External data is processed via `agent.run()`, `agent.run_sync()`, and tool-specific logic in `SKILL.md`.
  - Boundary markers: The provided examples use standard string interpolation; however, the framework's use of Pydantic models for structured output helps enforce data schemas.
  - Capability inventory: Across `SKILL.md`, the agents demonstrate capabilities such as making network requests (`httpx`) and interacting with a database through dependency injection.
  - Sanitization: The skill includes a dedicated security section recommending input validation and manual confirmation for high-risk actions, which mitigates injection risks.
Audit Metadata