frappe-impl-customapp
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides educational content and implementation workflows for the Frappe framework.
- [DATA_EXPOSURE]: The examples demonstrate secure handling of credentials using the built-in `get_password` method and advise against hardcoding secrets in code.
- [COMMAND_EXECUTION]: All shell commands provided (e.g., `bench new-app`, `bench migrate`) are standard administrative tools for the Frappe framework and are used as intended for development workflows.
- [REMOTE_CODE_EXECUTION]: Dependencies listed in `pyproject.toml` examples (e.g., `requests`, `pandas`) are standard, well-known Python packages from official registries. No unverified remote code execution or `curl | bash` patterns were found.
- [PROMPT_INJECTION]: No malicious prompt injection or behavior override patterns were detected in the instructions. The content focuses strictly on technical implementation of software features.
- [COMMAND_EXECUTION]: The skill correctly identifies and warns against common security risks such as SQL injection, providing correct sanitization patterns using `frappe.db.escape` and parameterized queries.
Audit Metadata