odoo-deploy

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the use of the odoo-bin shell command, which allows for arbitrary Python execution within the Odoo environment. It also incorporates shell commands for database backups (pg_dump), file archiving (tar), and Docker container management (docker exec). these tools are appropriate for the skill's stated devops and deployment utility.
  • [EXTERNAL_DOWNLOADS]: The documentation references an external repository at https://github.com/tuanle96/mcp-odoo for integrating introspection capabilities as agent tools. This resource is maintained by the skill author.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists within the 'enforcement gate' workflow. The odoo-ai gate process ingests external environment data, such as fingerprints and security check results, and renders them into pull request comments. Maliciously crafted data within the Odoo environment could potentially influence the auditing logic or the resulting agent interpretations. The skill includes 'redact' and 'scan-secrets' gates as mitigation measures to process this data safely.
  • [COMMAND_EXECUTION]: The provided CI integration scripts include automated git push operations intended to commit evidence bundles back to the repository. This workflow requires the build environment to have write access to the source code repository.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 05:59 PM
Security Audit — agent-trust-hub — odoo-deploy