frappe-core-database
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as an educational resource for Frappe database operations, emphasizing security best practices and official framework methodologies.
- [COMMAND_EXECUTION]: The skill documents methods like frappe.db.sql and frappe.qb.run() for executing database queries. It provides mandatory instructions to use parameterized queries to prevent SQL injection vulnerabilities and highlights vulnerable patterns as anti-patterns to avoid.
- [DATA_EXFILTRATION]: The skill describes methods for reading data from the database (e.g., frappe.get_all, frappe.db.get_list). While it documents patterns for bypassing permission checks for system-level operations (ignore_permissions=True), these are standard framework features documented for legitimate development use cases with no evidence of malicious exfiltration intent.
- [PROMPT_INJECTION]: No malicious instructions, behavioral overrides, or safety bypass patterns were detected in the skill metadata or reference files.
Audit Metadata