erpnext-syntax-serverscripts
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a technical manual and provides educational reference material for developers working with the Frappe framework. No malicious instructions or security bypasses were found.
- [COMMAND_EXECUTION]: The skill documents the platform command 'bench --site [site] set-config server_script_enabled true'. This is a standard administrative configuration required to use the features described and is presented legitimately as part of the setup instructions.
- [DYNAMIC_EXECUTION]: The skill provides code templates for server-side scripts. These examples are designed for a restricted sandbox environment and demonstrate security best practices, such as using 'frappe.db.escape()' to prevent SQL injection when handling variables.
- [INDIRECT_PROMPT_INJECTION]: The skill outlines how to process external data using the 'frappe.form_dict' object. It correctly identifies the attack surface of handling user input and provides the appropriate sanitization methods (escaping) to mitigate potential injection vulnerabilities.