frappe-dev
Pass
Audited by Gen Agent Trust Hub on Jun 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell operations using the 'bench' CLI to manage the Frappe environment. These commands include site creation, app installation, database migrations, and starting development processes. These are essential, intended functions for the framework's development workflow.
- [EXTERNAL_DOWNLOADS]: The instructions guide the agent to perform 'yarn install' within the frontend directory of an app to fetch dependencies from official package registries. This is standard procedure for building Vue-based frontends as described in the skill's documentation.
- [PROMPT_INJECTION]: The skill is designed to read and analyze existing codebase structures and configuration files to perform its tasks, representing a surface for indirect prompt injection.
- Ingestion points: Files like 'hooks.py', DocType JSON definitions, and site configurations are read from the bench environment to determine application context (SKILL.md, existing-app.md).
- Boundary markers: The skill does not explicitly instruct the use of delimiters or 'ignore' warnings when reading external file content.
- Capability inventory: The skill has capabilities to execute 'bench' commands and modify files on the system.
- Sanitization: No explicit sanitization or validation of the ingested file content is described; the skill relies on the underlying LLM's processing logic.
Audit Metadata