frappe-tweaks-power-query-expert
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of documentation and Power Query M code templates for data integration with Frappe apps.
- [DATA_EXPOSURE]: The instructions explicitly guide users to use the built-in Excel/Power BI authentication dialogs (HTTP Basic Auth) instead of hardcoding API keys or passwords within the provided M code snippets. It also recommends using API keys over user passwords for production environments.
- [REMOTE_CODE_EXECUTION]: There is no evidence of unauthorized remote code execution or command injection. All network operations are directed at the user-defined
BaseUrlfor the Frappe instance via standard Power Query functions (Web.Contents). - [PROMPT_INJECTION]: The instructions are focused on technical implementation and do not contain any patterns aimed at overriding agent behavior or bypassing safety filters.
- [INDIRECT_PROMPT_INJECTION]: While the generated M code processes external JSON data from a Frappe API, the risk of indirect prompt injection is negligible as the code is intended for execution within the Power BI/Excel sandbox for data transformation, not for influencing subsequent AI agent actions.
Audit Metadata