Skills
skills/openaec-foundation/erpnext_anthropic_claude_development_skill_package/erpnext-impl-jinja/Gen Agent Trust Hub

erpnext-impl-jinja

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes instructions to run bench migrate in SKILL.md and references/workflows.md. This is a standard administrative command used in the Frappe framework to synchronize database schemas and is consistent with the skill's purpose as a developer tool.
  • [PROMPT_INJECTION]: The skill identifies a potential indirect prompt injection surface where Jinja templates process untrusted data from ERPNext document fields.
  • Ingestion points: Document fields (e.g., doc.remarks, doc.customer_name) are processed in SKILL.md and references/examples.md.
  • Boundary markers: The documentation explicitly warns developers against using the | safe filter on untrusted user input to prevent Cross-Site Scripting (XSS) in references/anti-patterns.md.
  • Capability inventory: The skill demonstrates capabilities such as performing database queries via frappe.db.sql and sending emails via frappe.sendmail.
  • Sanitization: It recommends utilizing Jinja's default auto-escaping and the get_formatted method for rendering display values safely.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 05:37 PM