odoo-review
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides a structured methodology for auditing Odoo modules for common vulnerabilities, including improper use of
sudo(), missing access controls, and potential SQL injection vulnerabilities. - [COMMAND_EXECUTION]: The skill utilizes a suite of internal command-line tools (e.g.,
odoo-ai validate,odoo-ai all,odoo-ai trace) to perform static analysis and runtime introspection, which is consistent with its stated goal. - [DATA_EXFILTRATION]: The skill explicitly advises on using redaction and secret-scanning tools (
odoo-ai redact,odoo-ai scan-secrets) to prevent accidental exposure of sensitive information when interacting with external models. - [PROMPT_INJECTION]: The skill processes untrusted data (Odoo code diffs and pull requests), which presents an indirect prompt injection surface.
- Ingestion points: The skill reads code diffs and module files provided by the user (SKILL.md).
- Boundary markers: The skill does not define specific delimiters for untrusted content but suggests validation steps before processing.
- Capability inventory: The skill executes shell commands for code validation and metadata extraction (SKILL.md).
- Sanitization: The skill recommends the use of redaction tools to sanitize data before it is processed by external components.
Audit Metadata