frappe-customizations-writer
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to search for and execute a bundled Python script (`add_customization.py`) within the local project environment. This script is responsible for merging DocType customizations into JSON schema files.
- [PROMPT_INJECTION]: The skill facilitates the modification of application configuration files based on untrusted user input, which represents an indirect prompt injection surface.
  - Ingestion points: Customization specifications are collected from users via interviews and written to a temporary JSON file (`/tmp/spec.json`) for processing by the script.
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore instructions' warnings when handling user-provided data for file interpolation.
  - Capability inventory: The agent has permissions to write files to the local file system and execute Python scripts via the shell.
  - Sanitization: The `add_customization.py` script performs JSON parsing and normalizes input fields against standard Frappe schema defaults, providing structural validation but not semantic safety checks on user-supplied values.
Audit Metadata