odoo-agency-fleet-review

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill defines a standard operational workflow for using Odoo management tools. It does not contain any malicious code, obfuscation, or injection attempts.
  • [DATA_EXFILTRATION]: The skill handles multi-client data but includes explicit instructions to respect 'opt-out' configurations (cross_instance: false) and emphasizes that cross-instance operations are read-only to prevent unauthorized modification across instances.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes data from external Odoo databases via search_records and accounting_health_across_instances. However, it provides no evidence of capabilities that could be abused through data ingestion, such as file-system writes or shell command execution.
  • [COMMAND_EXECUTION]: No shell commands, subprocess calls, or unauthorized tool invocations are present in the instructions. The tool usage is confined to predefined Odoo MCP tools.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 05:44 PM
Security Audit — agent-trust-hub — odoo-agency-fleet-review