The skill promotes insecure CORS configuration
Claims to do
FastAPI Project Templates: Production-ready FastAPI project structures with async patterns, dependency injection, middleware, and best practices for building high-performance APIs.
Actually does
This skill provides extensive Python code examples and architectural patterns for building a FastAPI application. It demonstrates project structure, async database operations with SQLAlchemy, dependency injection, CRUD repositories, a service layer, API endpoints, and JWT-based authentication/authorization. It also includes pytest examples for testing. The skill does not execute any commands, access external data, or contact external URLs; it solely presents code for manual implementation.
npx skills add https://github.com/wshobson/agents --skill fastapi-templates
The `CORSMiddleware` is configured with `allow_origins=["*"]`, which permits cross-origin requests from any domain. This is a significant security risk in production environments, potentially enabling data exfiltration or other client-side attacks if not properly restricted.
allow_origins=["*"]
The skill claims to provide 'production-ready' templates, but includes an `allow_origins=["*"]` CORS configuration which is highly insecure for production and contradicts the 'production-ready' assertion. This could mislead users into deploying insecure configurations.
description: Create production-ready FastAPI projects...
The skill's stated purpose implies it 'creates' or provides 'templates' for FastAPI projects, suggesting a project generation or scaffolding capability. However, the actual content consists entirely of code snippets and architectural descriptions, requiring manual implementation rather than automated project creation.
The skill content is solely Python code and descriptive text, lacking any executable commands or tools that would 'create' or 'generate' a project structure.