fastapi-guideline
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides production-ready templates and best practices for FastAPI, including proper use of async def for all handlers and services.
- [EXTERNAL_DOWNLOADS]: Mentions github.com/wshobson/agents as the source of its base patterns. This is documented as attribution and does not instruct the agent to execute remote code at runtime.
- [COMMAND_EXECUTION]: Provides instructions for managing dependencies and running the server using uv and granian. These are legitimate developer tools.
- [SAFE]: Includes templates for configuration using pydantic-settings and environment variables. This follows standard security practices by avoiding hardcoded credentials in the codebase.
- [PROMPT_INJECTION]: Defines endpoints for processing external data, such as AI chat streaming. While this creates a potential attack surface for indirect prompt injection, it is a standard functional requirement for the described use case.
- Ingestion points: Data enters via Pydantic schemas in request bodies and query parameters across the api/v1/ routes.
- Boundary markers: Not present in the generic templates.
- Capability inventory: Includes the ability to run shell commands via uv and access a PostgreSQL database via psycopg.
- Sanitization: Uses Pydantic for structural validation, though specific content filtering is left to the developer.
Audit Metadata