python-api-endpoint-creator

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill establishes a secure development pattern for FastAPI, emphasizing separation of concerns and data validation through Pydantic. It correctly identifies the risk of internal field leakage and mandates the use of response models to mitigate it.
  • [PROMPT_INJECTION]: The code generation process involves interpolating user-provided domain names into templates in code-patterns.md. While this is a common scaffolding pattern, it technically constitutes an indirect prompt injection surface.
    • Ingestion points: User-supplied domain and entity names are inserted into placeholders within the code-patterns.md templates.
    • Boundary markers: Absent; the templates do not define explicit delimiters to separate user input from the generated code logic.
    • Capability inventory: The skill employs Write and Edit tools to create and modify the resulting application files.
    • Sanitization: The skill does not provide instructions or patterns for sanitizing user-provided strings prior to interpolation into the code templates.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 9, 2026, 01:06 PM