erpnext-syntax-hooks
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a reference for ERPNext developers to configure application hooks. No malicious patterns or security vulnerabilities were identified in the analyzed files.
- [PROMPT_INJECTION]: No attempts to override agent behavior, bypass safety filters, or extract system prompts were detected. The instructions are structured as technical guidance for code generation.
- [EXTERNAL_DOWNLOADS]: No unauthorized external downloads or remote script executions (e.g., curl | bash) were found. The skill mentions standard local framework commands like bench migrate.
- [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or sensitive credentials were found. Database interaction examples use standard framework APIs with appropriate escaping (e.g., frappe.db.escape).
- [DATA_EXFILTRATION]: No network operations to non-whitelisted domains or patterns suggestive of data exfiltration were detected.
- [COMMAND_EXECUTION]: The skill documents the use of legitimate framework commands and hooks. It provides safety warnings in its 'Anti-Patterns' section, such as advising against sensitive data exposure in client-side bootinfo.
Audit Metadata