skills/openaec-foundation/erpnext_anthropic_claude_development_skill_package/frappe-syntax-controllers/Gen Agent Trust Hub
frappe-syntax-controllers
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a technical education resource for Frappe Framework development. It includes a dedicated 'Anti-Patterns' reference file that specifically addresses security best practices.
- [SAFE]: Security-positive documentation includes:
  - Guidance on preventing SQL injection by using parameterized queries instead of Python f-strings or string formatting.
  - Instructions for implementing mandatory permission checks in whitelisted methods (@frappe.whitelist()) to prevent unauthorized API access.
  - Warnings against the manual use of frappe.db.commit(), which can disrupt the framework's transaction management.
- [SAFE]: The skill documents the safe use of document flags (e.g., ignore_permissions) by providing justifications and correct usage patterns.
- [SAFE]: All code examples use placeholder domains (e.g., api.example.com) and standard framework conventions with no evidence of obfuscation or hidden logic.
Audit Metadata