skills/openaec-foundation/erpnext_anthropic_claude_development_skill_package/erpnext-syntax-jinja/Gen Agent Trust Hub
erpnext-syntax-jinja
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No evidence of instructions attempting to bypass safety filters or override agent behavior.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or data exfiltration patterns. The skill demonstrates standard database field access within the Frappe framework.
- Obfuscation (SAFE): No hidden or encoded content detected.
- Unverifiable Dependencies (SAFE): No external packages or remote code downloads.
- Indirect Prompt Injection (SAFE): The skill identifies and mitigates vulnerability surfaces. 1. Ingestion points: Untrusted data enters via
frappe.form_dictordocfields. 2. Boundary markers: The skill recommends standard delimiters and explicitly warns against using the| safefilter on user input. 3. Capability inventory: Templates have access to database reads (frappe.db) and template rendering (frappe.render_template). 4. Sanitization: Guidance emphasizes auto-escaping and warns against disabling thesafe_rendercontext variable. - System Integrity (SAFE): No persistence mechanisms, privilege escalation, or conditional attacks detected.
Audit Metadata