python-best-practices
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a documentation and template resource for Python/FastAPI development. Analysis across all 10 threat categories confirms the content is safe and follows industry standards.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials were found. The code patterns correctly demonstrate using
pydantic-settingsto load secrets from environment variables (.envfile). A placeholder string 'change-me' is used for theSECRET_KEYdefault, which is a standard development practice. - [COMMAND_EXECUTION]: The skill does not contain any shell command execution or subprocess spawning. All provided code is for high-level application logic using well-known libraries.
- [EXTERNAL_DOWNLOADS]: No external downloads or remote script executions are performed. The skill references standard, reputable libraries (FastAPI, SQLAlchemy, Pydantic) that are common in the Python ecosystem.
- [DATA_EXFILTRATION]: No network exfiltration logic or unauthorized access to sensitive file paths was detected. The CORS middleware configuration provided is a standard example for local development.
Audit Metadata