odoo-dev
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill identifies a workflow where the agent ingests extensive metadata from a running Odoo instance (via the
odoo-introspectskill) to inform its coding decisions. This creates a surface where data from the environment (e.g., field help text or view architectures) is treated as authoritative context. If an attacker controls the target Odoo environment's metadata, they could attempt to influence the agent's generated code. However, this is an inherent and expected risk factor for development tools interacting with external systems. - Ingestion points: Data fetched via the
odoo-ai all <model>command in Step 1 of the development workflow inSKILL.md. - Boundary markers: Not explicitly defined in the instructions for separating tool-provided metadata from system instructions.
- Capability inventory: The skill includes instructions for modifying Python source code and executing tests via the
odoo-testingtool. - Sanitization: There are no explicit instructions to sanitize or validate the content returned from the introspection commands before processing it for code generation.
Audit Metadata