odoo-deploy
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the use of the
odoo-bin shellcommand, which allows for arbitrary Python execution within the Odoo environment. It also incorporates shell commands for database backups (pg_dump), file archiving (tar), and Docker container management (docker exec). these tools are appropriate for the skill's stated devops and deployment utility. - [EXTERNAL_DOWNLOADS]: The documentation references an external repository at
https://github.com/tuanle96/mcp-odoofor integrating introspection capabilities as agent tools. This resource is maintained by the skill author. - [PROMPT_INJECTION]: An indirect prompt injection surface exists within the 'enforcement gate' workflow. The
odoo-ai gateprocess ingests external environment data, such as fingerprints and security check results, and renders them into pull request comments. Maliciously crafted data within the Odoo environment could potentially influence the auditing logic or the resulting agent interpretations. The skill includes 'redact' and 'scan-secrets' gates as mitigation measures to process this data safely. - [COMMAND_EXECUTION]: The provided CI integration scripts include automated
git pushoperations intended to commit evidence bundles back to the repository. This workflow requires the build environment to have write access to the source code repository.
Audit Metadata