sap-abap
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a detailed reference for ABAP Dynamic Programming (references/dynamic-programming.md), including the execution of dynamic ABAP SQL statements and dynamic method calls. These features allow the application to execute code constructed from strings at runtime, which is a potential vector for injection attacks if the input strings contain unsanitized user data.
- [PROMPT_INJECTION]: The skill documents the integration of Large Language Models using the SAP ABAP AI SDK (references/generative-ai.md). This introduces a surface for indirect prompt injection, where data processed by the AI could contain malicious instructions designed to manipulate the application's logic or behavior.
- [EXTERNAL_DOWNLOADS]: The skill contains multiple references and links to official SAP documentation and public code repositories on GitHub (e.g., github.com/SAP-samples/abap-cheat-sheets). These are well-known, trusted industry sources for software development guidelines and reference materials.
Audit Metadata