odoo-month-end-close
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process external accounting data from an Odoo database, which represents an indirect prompt injection surface where record content could attempt to influence agent logic.
- Ingestion points: Data is retrieved from Odoo records using
search_recordsandaggregate_recordsas described inSKILL.md. - Boundary markers: The skill contains explicit 'Hard rules' and playbook steps (Step 6) that mandate human sign-off for every modification or state change.
- Capability inventory: The agent has the capability to modify database records via
execute_approved_writeand post to communication logs viachatter_post. - Sanitization: The workflow incorporates a human review checkpoint where the agent must present a
preview_writediff for approval before executing any permanent changes.
Audit Metadata