frappe-testing

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: Hardcoded default passwords found in reference configuration files.
  • Evidence: 'MYSQL_ROOT_PASSWORD: root' and '--admin-password admin' in references/ci-testing.md.
  • Evidence: '"adminPassword": "admin"' in references/cypress.md.
  • [COMMAND_EXECUTION]: The skill performs shell command execution using the bench CLI for environment setup and test runs.
  • Evidence: SKILL.md specifies bench commands for site migration, running tests, and UI testing.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through the use of unvalidated parameters in shell commands.
  • Ingestion points: '', 'my_app', and 'DocType' parameters in SKILL.md.
  • Boundary markers: Absent.
  • Capability inventory: Shell command execution via the bench CLI.
  • Sanitization: No sanitization or escaping logic is defined for variables interpolated into shell commands.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 08:06 AM
Security Audit — agent-trust-hub — frappe-testing