Security defaults that belong in every FastAPI application from day one.
{
  "instruction": "Add TrustedHostMiddleware to prevent host header attacks",
  "relevant_when": "Agent creates or modifies a FastAPI application, adds routes to a FastAPI app, or sets up a FastAPI project",
  "context": "Every FastAPI app must have TrustedHostMiddleware from starlette to prevent host header injection attacks. Allowed hosts should be read from os.getenv('ALLOWED_HOSTS') with a default of 'localhost,127.0.0.1'.",
  "sources": [
    {
      "type": "file",
      "filename": "skills/fastapi-security-basics/SKILL.md",
      "tile": "tessl-labs/fastapi-security-basics@0.2.0"
    }
  ],
  "checklist": [
    {
      "name": "trusted-host-middleware-added",
      "rule": "Agent adds TrustedHostMiddleware from starlette.middleware.trustedhost",
      "relevant_when": "Agent creates or modifies a FastAPI application"
    },
    {
      "name": "allowed-hosts-from-env",
      "rule": "Agent reads allowed_hosts from os.getenv('ALLOWED_HOSTS') or similar environment variable",
      "relevant_when": "Agent creates or modifies a FastAPI application"
    },
    {
      "name": "default-hosts-localhost",
      "rule": "Agent provides default values of localhost and 127.0.0.1 when the environment variable is not set",
      "relevant_when": "Agent creates or modifies a FastAPI application"
    }
  ]
}