erpnext-impl-serverscripts

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill focuses on secure development practices for the Frappe/ERPNext framework. It provides implementation workflows that include mandatory permission checks and validation logic.
  • [SAFE]: The 'Anti-Patterns' reference in references/anti-patterns.md provides high-quality security guidance, educating users on how to avoid SQL injection via parameterized queries, prevent sandbox escapes, and avoid the N+1 query problem.
  • [PROMPT_INJECTION]: The skill templates establish an ingestion surface for external data through the implementation of custom API endpoints.
      • Ingestion points: Untrusted user data is captured via frappe.form_dict in SKILL.md (Workflow 4) and references/examples.md (Example 6).
      • Boundary markers: While explicit text delimiters are not used, the templates implement logical validation and permission checks (frappe.has_permission) to manage data flow.
      • Capability inventory: The provided patterns have the capability to perform database operations via frappe.db, manage system documents via frappe.get_doc, and send communications via frappe.sendmail.
      • Sanitization: Robust sanitization and validation are standard throughout the skill, including the use of frappe.db.escape, parameterized SQL queries, and input type casting (e.g., cint).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 20, 2026, 05:38 PM