framework-integrations

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The scripts/setup-framework.sh script automates the installation of multiple Python packages using pip install without version pinning or hash verification. While the packages (celery, redis, etc.) are standard, automated unversioned installation is a security risk.
  • [COMMAND_EXECUTION] (LOW): The scripts/test-integration.sh script uses eval to execute shell commands for testing. Although the commands are hardcoded in the script (e.g., python -c 'import celery'), the use of eval on constructed strings is generally discouraged.
  • [PROMPT_INJECTION] (LOW): The FastAPI template (templates/fastapi-integration/main.py) exposes an attack surface for indirect prompt injection by accepting arbitrary JSON data from a public POST endpoint (/api/task) and passing it directly to Celery tasks without sanitization or boundary markers.
      • Ingestion points: templates/fastapi-integration/main.py at /api/task and /api/quick endpoints.
      • Boundary markers: Absent; data is passed as a raw dictionary.
      • Capability inventory: Tasks in templates/fastapi-integration/tasks.py perform logging and return data; no dangerous side effects like file writes or command execution are present in the provided templates.
      • Sanitization: Absent.
  • [CREDENTIALS_UNSAFE] (LOW): Template files contain hardcoded placeholder strings for secrets and database credentials.
      • Evidence: templates/django-integration/settings.py and templates/flask-integration/celery_app.py use placeholders like 'your_secret_key_here' and 'your_database_url_here'.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 09:35 AM