ai-serving-apis

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides boilerplate code for building AI-powered web services, promoting a clear separation between core logic and API infrastructure.
  • [SAFE]: Configuration management utilizes pydantic-settings and environment variables, which is the recommended practice for securely handling API keys and sensitive settings.
  • [SAFE]: Dependencies listed in requirements.txt are well-known, versioned packages from official registries (FastAPI, DSPy, Pydantic, MLflow).
  • [SAFE]: The skill correctly implements thread-safe operations using dspy.context() to prevent concurrent requests from mutating global state when overriding model parameters.
  • [PROMPT_INJECTION]: The skill facilitates the creation of web endpoints that ingest untrusted user data for processing by LLMs, which is a standard surface for indirect prompt injection.
    • Ingestion points: POST /query in SKILL.md, /predict in templates/app.py, and /search in examples.md accept strings directly from the request body.
    • Boundary markers: Absent; the templates do not explicitly include delimiters or system-level instructions to ignore embedded commands within the input string.
    • Capability inventory: The generated API performs network operations to official AI providers (e.g., OpenAI, Anthropic) and reads local configuration files.
    • Sanitization: Absent; input is validated for length via Pydantic but is otherwise passed directly to the AI model.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 06:45 PM