frappe-syntax-reports
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a developer guide for Frappe reporting, emphasizing security best practices.
- [SAFE]: Explicitly addresses SQL injection risks in references/anti-patterns.md (AP-003) and references/query-report.md, mandating the use of parameterized queries over string interpolation.
- [SAFE]: Instructs developers on proper permission handling by using Reference DocType to control report access (AP-007).
- [SAFE]: Code examples follow the documented security rules, using standard Frappe APIs (frappe.db.sql, frappe.whitelist) without any unauthorized external communication or sensitive file access.