erpnext-impl-serverscripts
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill focuses on legitimate development tasks within the Frappe/ERPNext framework.
- [SAFE]: The skill provides explicit warnings about SQL injection risks and demonstrates the correct use of frappe.db.escape() to mitigate them in Workflow 6.
- [SAFE]: Remote code execution is discouraged; the skill correctly notes that imports are restricted in the server-side sandbox, preventing unauthorized library loading.
- [SAFE]: Examples involving data creation (e.g., creating ToDo items in Workflows 3 and 5) use standard framework methods and are intended for legitimate automation within the ERP environment.
Audit Metadata