convert-ui5-to-fiori-elements
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the official SAP Fiori MCP server and project generators from the SAP organization's scope on the public NPM registry.\n- [COMMAND_EXECUTION]: Employs shell commands to analyze existing application files, manage local development servers, and execute SAP-provided command-line utilities like
npxandnpm.\n- [COMMAND_EXECUTION]: Uses thepkillcommand to manage the lifecycle of local UI5 development server processes during the testing phase.\n- [PROMPT_INJECTION]: The skill identifies metadata from untrusted legacy application source code to drive the generation of new application components and backend annotations.\n - Ingestion points: Phase 1 reads views, controllers, and manifest files from the local
<source_app>/webapp/directory.\n - Boundary markers: No explicit delimiter or instruction-bypass protection is specified for the data extraction phase.\n
- Capability inventory: The skill utilizes
SAPWriteto modify ABAP backend objects,execute_functionalityto generate local project files, and shell commands for environmental tasks.\n - Sanitization: The skill does not describe explicit sanitization or validation logic for data extracted from legacy files before it is used in code generation.
Audit Metadata