GI API Design FastAPI

Security checks across malware telemetry and agentic risk

Overview

This is a simple FastAPI API-design guidance skill with no executable code, hidden behavior, credential access, or persistence.

Reasonable to install for FastAPI API design help. Treat its output as coding guidance and review generated endpoints for authentication, authorization, validation, rate limiting, and safe handling of create/update/delete operations before deploying.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 88% confidence
Finding
The skill description is broadly phrased around common developer tasks like creating routes and API guidance, which can cause the skill to activate in situations where the user's request did not specifically call for this constrained behavior. Over-broad activation increases the chance of unintended prompt injection surface and misapplication of the skill's assumptions to unrelated coding tasks.

Vague Triggers

Medium, 93% confidence
Finding
The invocation phrases are very generic, such as 'design an interface', 'add API', or 'write a route', and overlap with normal development language across many contexts. This ambiguity can trigger the skill unintentionally, causing inappropriate guidance, hidden context switching, or increased exposure to malicious user phrasing that steers the agent into the skill without clear authorization.

VirusTotal

66/66 vendors flagged this skill as clean.
