skills/openaec-foundation/erpnext_anthropic_claude_development_skill_package/frappe-impl-workspace/Gen Agent Trust Hub
frappe-impl-workspace
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the programmatic creation of workspace components using standard Frappe Python APIs (e.g.,
frappe.new_doc,workspace.insert). While these involve database operations and permission bypasses (ignore_permissions=True), they are documented as standard practices for system-level setup and installation scripts within the Frappe ecosystem. - [DYNAMIC_EXECUTION]: The skill describes the 'Custom HTML Block' feature which allows embedding arbitrary HTML, CSS, and JavaScript into workspaces. The documentation includes specific safety rules to mitigate risks, such as advising against
<script>tags in the HTML field and recommending the use of Frappe's whitelisted API calls (frappe.call) for data fetching. - [SAFE]: The skill includes references to well-known domains associated with the Frappe/ERPNext ecosystem (e.g.,
docs.erpnext.com) and uses standard framework-specific naming conventions for vendor resources (e.g.,myapp.api.*).
Audit Metadata