frappe-api-handler
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill creates endpoints that ingest untrusted data used to drive high-privilege database operations.
  1. Ingestion points: All methods decorated with @frappe.whitelist() in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Database modification via frappe.get_doc, doc.insert, and frappe.delete_doc across all API examples.
  4. Sanitization: Examples use frappe.has_permission but lack granular validation for dynamically passed document types in bulk operations.
- [CREDENTIALS_UNSAFE] (MEDIUM): The authentication templates provide a manual path for user session switching that can lead to account takeover if the lookup logic is flawed. Evidence: Use of frappe.set_user(user) based on API key lookup in api_key_method and token_auth examples.
- [COMMAND_EXECUTION] (LOW): Methods like delete_document and paginated_list use dynamic doctype strings from callers to determine the target of database operations. Evidence: The doctype parameter is passed directly to frappe.delete_doc and frappe.get_all without validation against a restricted allowlist, potentially exposing internal system structures.