The Agent Skills Directory

[Data Exposure & Exfiltration] (SAFE): The code snippets use standard ERPNext APIs like frappe.db.get_value and frappe.call to interact with the system database and server methods. These are standard developer patterns and do not involve unauthorized data exfiltration.
[Indirect Prompt Injection] (SAFE): Mandatory Evidence Chain: 1. Ingestion points: User-controlled fields via frm.doc in workflows.md. 2. Boundary markers: Absent in code snippets. 3. Capability inventory: frappe.call (server execution), frappe.db (DB access). 4. Sanitization: Relies on framework-level protections; snippets focus on logic rather than input scrubbing. No active injection logic present.
[Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill contains no external dependencies or remote script execution. Placeholder files references/methods.md and references/patterns.md return 404 errors, indicating broken internal references but no security risk.
[Prompt Injection] (SAFE): The skill does not contain instructions that attempt to override safety filters or manipulate agent behavior.

erpnext-impl-clientscripts