frappe-impl-serverscripts

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents the use of the bench CLI tool to modify server configuration settings, such as enabling server-side script execution.
  • [DATA_EXFILTRATION]: Documentation covers the platform's native HTTP utility functions (frappe.make_get_request and frappe.make_post_request) for making outbound network calls from within server-side scripts.
  • [SAFE]: The skill is primarily a security-conscious developer guide that provides defensive patterns for the target framework:
      • SQL Injection Mitigation: It explicitly warns against string formatting in database queries and provides examples of parameterized queries and the use of frappe.db.escape() to sanitize inputs.
      • Access Control Enforcement: Patterns for custom API endpoints include mandatory permission checks (frappe.has_permission) to ensure data is not exposed to unauthorized users.
      • Sandbox Integrity: The documentation identifies sandbox constraints and advises against common escape vectors such as unsafe imports or dynamic code execution (eval/exec).
      • Input Validation: Workflows include guidance on validating and capping user-provided input values to prevent resource exhaustion and logic errors.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 10:43 AM