odoo-agency-fleet-review
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a standard operational workflow for using Odoo management tools. It does not contain any malicious code, obfuscation, or injection attempts.
- [DATA_EXFILTRATION]: The skill handles multi-client data but includes explicit instructions to respect 'opt-out' configurations (
cross_instance: false) and emphasizes that cross-instance operations are read-only to prevent unauthorized modification across instances. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes data from external Odoo databases via
search_recordsandaccounting_health_across_instances. However, it provides no evidence of capabilities that could be abused through data ingestion, such as file-system writes or shell command execution. - [COMMAND_EXECUTION]: No shell commands, subprocess calls, or unauthorized tool invocations are present in the instructions. The tool usage is confined to predefined Odoo MCP tools.
Audit Metadata