odoo-frontend

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill uses external data sources, specifically Figma design URLs and live website URLs via Chrome DevTools, to inform its code generation process. Maliciously crafted designs or websites could contain hidden instructions intended to hijack the agent's logic or inject vulnerabilities into the generated Odoo modules.
  • [COMMAND_EXECUTION]: Automated Scaffolding and Refactoring. The skill relies on a suite of internal Python scripts and bash commands to generate module structures, modify existing Odoo models, and perform installations. These scripts perform extensive filesystem operations, including creating directories and writing Python, SCSS, and JavaScript files based on user-provided names and configurations.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 11:19 PM