fastapi-code-review
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a directive for the agent to load and follow an external set of instructions from an adjacent file directory (
review-verification-protocol/SKILL.md) before reporting issues, creating a multi-step instruction chain.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because its core function involves ingesting and analyzing external source code provided by users.\n - Ingestion points: The agent processes user-provided FastAPI application code, Pydantic models, and configuration files as specified in SKILL.md and its references.\n
- Boundary markers: No explicit delimiters or 'ignore' instructions are provided to help the agent distinguish between its analysis rules and potential malicious instructions embedded in the code under review.\n
- Capability inventory: The agent's capability is primarily focused on generating textual review reports and feedback based on the provided checklists.\n
- Sanitization: The instructions do not describe any mechanisms for sanitizing or validating the input code to prevent the execution of instructions that may be hidden in code comments or strings.
Audit Metadata