odoo-data

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the execution of shell commands using the odoo-bin shell utility with input redirection from local Python scripts such as scripts/metadata.py and scripts/model_brief.py to inspect the database state.
  • [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface as it directs the agent to ingest and process data from the live Odoo database (specifically ir.model.data and ir.config_parameter) to inform the creation or modification of Odoo module data files. Ingestion points: Database record information retrieved via odoo-bin shell and introspection scripts. Boundary markers: The skill does not define delimiters or warnings to isolate ingested database content from its instructions. Capability inventory: The skill is designed to facilitate the automated generation and modification of XML and CSV records, including method calls via function tags. Sanitization: There is no mention of sanitizing or escaping database values before they are interpolated into the generated data files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 05:59 PM
Security Audit — agent-trust-hub — odoo-data