frappe-testing
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: Hardcoded default passwords found in reference configuration files.
- Evidence: 'MYSQL_ROOT_PASSWORD: root' and '--admin-password admin' in references/ci-testing.md.
- Evidence: '"adminPassword": "admin"' in references/cypress.md.
- [COMMAND_EXECUTION]: The skill performs shell command execution using the bench CLI for environment setup and test runs.
- Evidence: SKILL.md specifies bench commands for site migration, running tests, and UI testing.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through the use of unvalidated parameters in shell commands.
- Ingestion points: '', 'my_app', and 'DocType' parameters in SKILL.md.
- Boundary markers: Absent.
- Capability inventory: Shell command execution via the bench CLI.
- Sanitization: No sanitization or escaping logic is defined for variables interpolated into shell commands.
Audit Metadata