frappe-printing-templates

Fail

Audited by Socket on Feb 19, 2026

1 alert found:

Obfuscated File: HIGH
SKILL.md

The document is benign instructional material for generating print formats, emails, and PDFs using Jinja in Frappe, but it explicitly demonstrates risky patterns that can enable data leakage or XSS when templates are authored or rendered by untrusted parties. Highest risk items are use of frappe.get_all inside templates (permission-unaware) and rendering raw HTML via |safe. No direct malware signs were found, but the documented capabilities allow powerful data access and exfiltration vectors (emails/attachments). Enforce strict access control on template creation/editing, prefer permission-aware APIs, never render untrusted HTML as safe, and audit uses of send/attach operations.

Confidence: 98%

Audit Metadata

Analyzed At: Feb 19, 2026, 04:06 AM
Package URL: pkg:socket/skills-sh/lubusIN%2Fagent-skills%2Ffrappe-printing-templates%2F@db0e65dcd3207028e7bc685caa8ab906d4d1c9f1