litestar-ai-serving
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The reference material in references/ai-serving.md points to an external GitHub repository (github.com/cofin/oracledb-vertexai-demo) as a source for implementation patterns and canonical code snippets.
- [PROMPT_INJECTION]: The skill documents a 'Persona-augmented prompts' pattern (Category 8) that is vulnerable to indirect prompt injection. This pattern involves dynamically appending untrusted or potentially attacker-controlled content to the system prompt via string concatenation.
  - Ingestion points: Untrusted input from the ChatController (data.message) and persona-specific additions (persona.system_prompt_addon) are incorporated into the agent's reasoning loop in references/ai-serving.md.
  - Boundary markers: The prompt construction examples in the PersonaManager pattern lack delimiters or specific instructions for the agent to ignore instructions embedded in the external persona data.
  - Capability inventory: The implementation uses a tool-calling runner with capabilities including vector search (search_records_by_vector), record lookup (get_record_details), and intent classification (classify_intent).
  - Sanitization: No evidence of input sanitization or validation was found in the provided code templates or handler logic.
Audit Metadata