odoo-report

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a legitimate technical guide and set of patterns for Odoo developers. It focuses on template structure, CSS styling for reports, and version-specific Odoo features.
  • [DYNAMIC_EXECUTION]: The skill correctly identifies the risks associated with dynamic execution in templates, such as Jinja2 and QWeb engines. It explicitly instructs the agent to validate that there is no unsafe use of eval() or exec() and that expressions remain sandbox-safe.
  • [EXTERNAL_DOWNLOADS]: The documentation references external tools like wkhtmltopdf and Google Fonts. These are well-known, trusted resources used for PDF generation and web styling. The skill neutrally describes installation steps for the user.
  • [DATA_EXFILTRATION]: While the skill mentions local file paths for configuration and binary locations (e.g., odoo.conf, bin_path), these are documented for setup and troubleshooting purposes and are not part of any exfiltration pattern.
  • [INDIRECT_PROMPT_INJECTION]: The skill incorporates a mandatory validation checklist that includes checking for security patterns and escaping, which serves as a defensive measure against malicious content embedded in processed templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 07:32 AM