frappe-doctype-schema

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill provides an interface for the agent to ingest and apply DocType schemas that may contain executable UI-side logic. This presents an indirect prompt injection surface where malicious schema properties could lead to the execution of arbitrary JavaScript in the application UI.
      • Ingestion points: The scripts/save_doctype.py script accepts JSON schema files via its json_file argument.
      • Boundary markers: There are no markers or instructions implemented to ensure the agent ignores or validates nested instructions within the schema JSON.
      • Capability inventory: The skill possesses the ability to modify the database schema and write executable controller files (.py, .js) to the filesystem using the Frappe framework APIs.
      • Sanitization: The implementation does not sanitize or validate schema properties (e.g., depends_on expressions) before they are saved to the database and exported to the filesystem.
  • [COMMAND_EXECUTION]: The scripts/save_doctype.py script performs dynamic code generation at runtime. When a DocType is saved or updated using the Frappe framework's engine, the system automatically scaffolds or modifies Python and JavaScript controller files on the disk. This functionality allows for the creation of new executable code within the application environment based on the input JSON data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 6, 2026, 08:41 PM