frappe-report-generator
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill contains instructional code and templates for Frappe Framework report development.
- [PROMPT_INJECTION]: No evidence of prompt injection or instructions to bypass safety guidelines was found.
- [DATA_EXFILTRATION]: No network operations or commands to access sensitive system files (like SSH keys or credentials) were detected. The data access shown is limited to standard Frappe database tables for reporting purposes.
- [REMOTE_CODE_EXECUTION]: The skill does not perform any remote code execution or download external scripts. It uses the standard built-in `frappe` Python module.
- [COMMAND_EXECUTION]: There are no subprocess calls or shell command executions identified in the provided scripts.
- [INDIRECT_PROMPT_INJECTION]: While the skill defines functions that process user-provided filters, it explicitly demonstrates the use of parameterized queries (`%(fieldname)s`) to prevent SQL injection and includes permission check examples using `frappe.has_permission`.
Audit Metadata