sap-cap-capire
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for the agent to download and install official SAP development tools, including the `@sap/cds-dk` CLI and the `@cap-js/mcp-server` utility, from the established SAP npm organization.
- [PROMPT_INJECTION]: The skill implements Model Context Protocol (MCP) tools that ingest local project metadata and documentation chunks to provide context-aware assistance. This creates a surface for indirect prompt injection where content in the user's project files could attempt to influence the agent's behavior.
  - Ingestion points: Local compiled Core Schema Notation (CSN) files and documentation chunks processed by `search_model` and `search_docs` tools.
  - Boundary markers: Boundary markers are not explicitly defined in the skill instructions; the agent relies on the underlying MCP implementation for data delimitation.
  - Capability inventory: The skill provides access to the `cds` CLI, `npm`, and deployment tools like `cf` and `mbt`.
  - Sanitization: No specific sanitization or filtering logic is provided within the skill's markdown or templates for external data.
- [CREDENTIALS_UNSAFE]: Mocked user credentials (e.g., 'alice:alice', 'bob:bob') are present in the `templates/package.json` file. These are standard, safe placeholders intended strictly for local development and testing environments, as confirmed by their placement within a '[development]' profile configuration.