frappe-reports
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes user requirements for 'Report purpose and data requirements' to generate executable report logic. This creates a surface where a malicious user could attempt to manipulate the agent into generating code that accesses unauthorized data or performs unintended actions.
- Ingestion points:
SKILL.mddefines report purpose and data requirements as primary inputs. - Boundary markers: No specific delimiters or 'ignore' instructions are provided to the agent for processing these inputs.
- Capability inventory: The skill leverages
frappe.db.sqlfor database access and provides templates for Script Reports which execute Python and JavaScript. - Sanitization: The skill includes a dedicated 'Guardrails' section and a 'Common Mistakes' table that provide defensive instructions, such as using
frappe.db.escape()and checking user permissions withfrappe.has_permission(). - [Dynamic Execution] (LOW): The skill involves the generation of Python and JavaScript scripts from templates to implement report logic, which is a standard and documented feature of the Frappe framework.
Audit Metadata