odoo-review

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill provides a structured methodology for auditing Odoo modules for common vulnerabilities, including improper use of sudo(), missing access controls, and potential SQL injection vulnerabilities.
  • [COMMAND_EXECUTION]: The skill utilizes a suite of internal command-line tools (e.g., odoo-ai validate, odoo-ai all, odoo-ai trace) to perform static analysis and runtime introspection, which is consistent with its stated goal.
  • [DATA_EXFILTRATION]: The skill explicitly advises on using redaction and secret-scanning tools (odoo-ai redact, odoo-ai scan-secrets) to prevent accidental exposure of sensitive information when interacting with external models.
  • [PROMPT_INJECTION]: The skill processes untrusted data (Odoo code diffs and pull requests), which presents an indirect prompt injection surface.
  • Ingestion points: The skill reads code diffs and module files provided by the user (SKILL.md).
  • Boundary markers: The skill does not define specific delimiters for untrusted content but suggests validation steps before processing.
  • Capability inventory: The skill executes shell commands for code validation and metadata extraction (SKILL.md).
  • Sanitization: The skill recommends the use of redaction tools to sanitize data before it is processed by external components.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 05:59 PM
Security Audit — agent-trust-hub — odoo-review