odoo
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill relies on an indirect prompt injection surface by instructing the agent to ingest runtime data from an Odoo instance to inform its code generation and modification tasks.
- Ingestion points: External data enters the agent's context through tools like
odoo-ai all <model>andodoo-ai surface, which retrieve JSON briefs containing field definitions, MRO, and view architectures (SKILL.md). - Boundary markers: The instructions lack explicit boundary markers or warnings directing the agent to ignore instructions that might be embedded within the retrieved introspection data.
- Capability inventory: The suite provides the agent with the ability to write and modify Python code (
odoo-dev), XML views (odoo-views), and JavaScript components (odoo-owl). - Sanitization: There is no mention of sanitizing or validating the retrieved Odoo metadata before it is processed by the AI to generate code.
- [COMMAND_EXECUTION]: The skill explicitly directs the agent to execute various commands using the
odoo-aiCLI tool for discovery and introspection. - Evidence: The instructions include commands such as
odoo-ai native-check,odoo-ai capabilities,odoo-ai all,odoo-ai surface, andodoo-ai esg.
Audit Metadata