frappe-impl-customapp
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructional content for Frappe application development with a clear focus on best practices and secure coding.
- [COMMAND_EXECUTION]: The skill includes standard Frappe/Bench CLI commands (e.g., bench new-app, bench migrate) for development workflows. These are well-known, legitimate operations within the Frappe ecosystem.
- [EXTERNAL_DOWNLOADS]: Dependencies for Python packages (e.g., requests, pandas) are specified in standard configuration files like pyproject.toml. These target official registries (PyPI) and are consistent with the skill's purpose.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Database operations in code examples use correctly parameterized queries (frappe.db.sql("... %s ...", (val,))) or explicitly demonstrate the use of frappe.db.escape() to prevent SQL injection vulnerabilities.
- [CREDENTIALS_UNSAFE]: The skill demonstrates secure handling of sensitive credentials by using the built-in Frappe secret management system (settings.get_password('api_key')) rather than hardcoding values.
- [PROMPT_INJECTION]: No evidence of prompt injection, bypass instructions, or attempts to override AI safety guidelines was detected in the instructions or metadata.
Audit Metadata