frappe-reports
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation and code examples for Frappe development. All code samples follow standard framework best practices.
- [DATA_EXPOSURE]: The skill discusses data reporting but does not hardcode credentials or access sensitive system paths (e.g., .ssh, .aws). It focuses on application-level DocType data.
- [COMMAND_EXECUTION]: While Script Reports involve Python and JavaScript, the skill only provides documentation templates for these scripts and does not execute arbitrary shell commands.
- [PROMPT_INJECTION]: No attempts to override agent behavior or bypass safety filters were detected in the instructions or metadata.
- [DATA_EXFILTRATION]: No network operations or external data exfiltration patterns were identified.
- [SAFE]: The skill includes a dedicated 'Guardrails' section and 'Common Mistakes' table that specifically warns users about SQL injection and the importance of permission checks (
frappe.has_permission).
Audit Metadata