skills/itechmeat/llm-code/pydantic-ai/Gen Agent Trust Hub

pydantic-ai

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The documentation describes a framework that ingests untrusted data from multiple sources (user input, web search results, MCP servers) and provides agents with significant capabilities (code execution, file system access, tool delegation).
  • Ingestion points: Untrusted data enters the agent context via agent.run() prompts, WebSearchTool results, MCPServerTool outputs, and multimodal inputs (URLs for images/audio/video).
  • Boundary markers: The documentation focuses on system prompts and structured outputs, but does not consistently mandate the use of delimiters or 'ignore' instructions when processing external tool outputs.
  • Capability inventory: The framework supports high-risk capabilities including CodeExecutionTool (available in OpenAI/Google/Anthropic), FileSystemToolset (mentioned in agents.md), and network access via multiple search tools.
  • Sanitization: While the framework provides args_validator for tool inputs and Pydantic validation for outputs, these do not inherently prevent the LLM from following malicious instructions embedded in processed text data.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 05:04 PM
Security Audit — agent-trust-hub — pydantic-ai