odoo-dev

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill identifies a workflow where the agent ingests extensive metadata from a running Odoo instance (via the odoo-introspect skill) to inform its coding decisions. This creates a surface where data from the environment (e.g., field help text or view architectures) is treated as authoritative context. If an attacker controls the target Odoo environment's metadata, they could attempt to influence the agent's generated code. However, this is an inherent and expected risk factor for development tools interacting with external systems.
  • Ingestion points: Data fetched via the odoo-ai all <model> command in Step 1 of the development workflow in SKILL.md.
  • Boundary markers: Not explicitly defined in the instructions for separating tool-provided metadata from system instructions.
  • Capability inventory: The skill includes instructions for modifying Python source code and executing tests via the odoo-testing tool.
  • Sanitization: There are no explicit instructions to sanitize or validate the content returned from the introspection commands before processing it for code generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 05:59 PM
Security Audit — agent-trust-hub — odoo-dev