odoo-migrate

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from both local module files and remote external documentation.
      • Ingestion points: Processes Odoo module files (manifests, Python scripts, XML views) and fetches remote documentation from GitHub Wiki pages.
      • Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within the processed data.
      • Capability inventory: Has the ability to read and write files across the module directory and execute shell commands for syntax verification.
      • Sanitization: No sanitization or validation of the ingested content is specified before it is used to influence the agent's migration logic.
  • [COMMAND_EXECUTION]: The skill performs shell command execution during the verification phase.
      • Evidence: Instructs the agent to run python -m py_compile on every .py file within the module directory to check for syntax errors. This involves passing local file paths directly to a shell-executed command.
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from external URLs to guide its migration process.
      • Evidence: Uses WebFetch to retrieve migration documentation from the Odoo Community Association (OCA) wiki on github.com. This is a well-known source for Odoo development guidelines and is used here to inform the migration steps.
Audit Metadata
Risk Level: SAFE
Analyzed: May 3, 2026, 10:23 PM