odoo-docs

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches documentation content from Odoo's official GitHub repository (odoo/documentation) to build a local TF-IDF index.
  • [COMMAND_EXECUTION]: Utilizes the odoo-ai CLI tool to perform maintenance and query operations, such as docs-build and docs search.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external documentation files which could theoretically contain misleading instructions.
  • Ingestion points: Markdown and RST files from the odoo/documentation repository.
  • Boundary markers: The skill explicitly instructs the agent to treat documentation as subordinate to live instance introspection and includes a _caveat in JSON outputs.
  • Capability inventory: File system writes to ~/.odoo-ai and network access via git (triggered by odoo-ai docs-build).
  • Sanitization: Employs a 'trust the instance' workflow where results must be verified against the running Odoo database before being used.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 05:59 PM
Security Audit — agent-trust-hub — odoo-docs