django-security
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No malicious override instructions or bypass attempts were detected. The content is educational and adheres to standard security documentation practices.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill appropriately advises using environment variables for sensitive data such as SECRET_KEY and DATABASE_URL. No hardcoded credentials or unauthorized data exfiltration patterns are present.
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: Referenced software consists of well-known libraries within the Django ecosystem. There are no patterns involving untrusted remote script execution or unverifiable package installations.
- [INDIRECT_PROMPT_INJECTION]: The skill identifies common data ingestion surfaces and provides specific remediation logic to prevent injection attacks. Ingestion points: form inputs, file uploads (the Document model), and external webhooks (webhook_view). Boundary markers: template CSRF tokens and Content Security Policy headers. Capability inventory: database ORM operations and file system writes. Sanitization: validation functions for file extensions and size, and template escaping filters (escape, escapejs, format_html).
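The audit credits the skill with file extension and size validation for the Document upload path. The validator below is an added illustration of that kind of check, written for this page; it is not code from the django-security skill, and the allowlist, the 5 MiB cap, the UploadedFileStub class and the validate_upload / upload_is_acceptable names are all assumptions made here. It falls back to a local ValidationError when Django is not installed so it runs stand-alone; in a real project the same function would be attached to the model's FileField via validators=[validate_upload].

```python
import os

try:
    # When Django is present, raise its own exception so forms and model
    # validation report the error in the usual way.
    from django.core.exceptions import ValidationError
except ImportError:  # assumption: allow the example to run without Django installed
    class ValidationError(ValueError):
        pass

# Assumed policy for this example: an allowlist (never a denylist) of
# extensions and a hard size cap. Tune both to what the application actually needs.
ALLOWED_EXTENSIONS = {".pdf", ".png", ".jpg", ".jpeg", ".txt"}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # 5 MiB


class UploadedFileStub:
    """Minimal stand-in (constructed for this example) for Django's UploadedFile.

    Only the .name and .size attributes that the validator reads are modelled.
    """

    def __init__(self, name, size):
        self.name = name
        self.size = size


def validate_upload(uploaded_file,
                    allowed_extensions=ALLOWED_EXTENSIONS,
                    max_bytes=MAX_UPLOAD_BYTES):
    """Reject uploads whose extension is not allowlisted or whose size is out of bounds.

    Returns the sanitized basename on success so callers never write to a
    path derived from the raw client-supplied filename.
    """
    # Normalise separators, then keep only the basename: a client can send
    # "../../etc/cron.d/job.txt" or "C:\\x\\y.png" and must not steer the path.
    raw_name = uploaded_file.name or ""
    basename = os.path.basename(raw_name.replace("\\", "/"))

    # Embedded NUL bytes and control characters have no place in a filename and
    # have historically been used to truncate names at lower layers.
    if not basename or any(ord(ch) < 32 for ch in basename):
        raise ValidationError("Invalid filename")

    # Compare the lower-cased extension so "shell.PHP" cannot slip past a
    # case-sensitive allowlist.
    _, ext = os.path.splitext(basename)
    ext = ext.lower()
    if ext not in allowed_extensions:
        raise ValidationError(f"File type {ext or '(none)'} is not permitted")

    # Size checks: empty files are rejected alongside oversized ones, since
    # an empty upload is almost always a client bug or a probe.
    if uploaded_file.size <= 0:
        raise ValidationError("Empty upload")
    if uploaded_file.size > max_bytes:
        raise ValidationError(f"File exceeds the {max_bytes} byte limit")

    return basename


def upload_is_acceptable(name, size):
    """Convenience wrapper: True if validate_upload accepts the (name, size) pair."""
    try:
        validate_upload(UploadedFileStub(name, size))
        return True
    except ValidationError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate upload and three that must be rejected.
    for name, size in [("report.PDF", 2048), ("shell.php", 128),
                       ("../../evil.png", 512), ("huge.jpg", 50 * 1024 * 1024)]:
        print(f"{name!r:22} size={size:<10} accepted={upload_is_acceptable(name, size)}")
```

Note that the extension allowlist is a coarse check only: it keeps obviously executable names out of the upload directory but says nothing about the bytes inside. Pair it with content-type sniffing on the stored file and serve uploads from a location that is never executed or rendered inline.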
Audit Metadata