sap-fiori-tools

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses standard Node.js package managers and SAP Fiori CLI commands for the application development lifecycle.
    • Evidence: Commands such as npm start, npm run deploy, npx fiori, and mbt build are provided for building, testing, and deploying projects as part of the intended skill functionality (found in SKILL.md, references/deployment.md, and references/preview.md).
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of sample projects and tools from established and trusted sources.
    • Evidence: Instructs users to clone sample applications from the official SAP GitHub organization (https://github.com/SAP-samples/fiori-tools-samples) and references documentation from official SAP repositories (https://github.com/SAP-docs/btp-fiori-tools).
  • [CREDENTIALS_UNSAFE]: The documentation mentions an environment variable that disables TLS certificate verification, offered for troubleshooting purposes.
    • Evidence: In references/configuration.md, the skill identifies NODE_TLS_REJECT_UNAUTHORIZED=0 as a way to bypass certificate issues. This is documented with an explicit warning stating it is "not recommended" and advising users to resolve the underlying certificate issues instead.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 04:50 AM