odoo-service
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits surfaces for indirect prompt injection (Category 8) by processing configuration data and CLI arguments that influence command execution.
  - Ingestion points: The scripts server_manager.py, db_manager.py, and docker_manager.py ingest database names, module names, and passwords from CLI arguments, .conf files, and .env files.
  - Boundary markers: The skill lacks input validation or delimiters for these parameters when they are used in command construction.
  - Capability inventory: The skill has capabilities to execute subprocesses, kill system processes, and perform direct database operations via psql.
  - Sanitization: Values are interpolated directly into shell command strings (using f-strings) and executed via bash -c in docker_manager.py, and into SQL strings in db_manager.py, providing surfaces for injection.
- [COMMAND_EXECUTION]: Core server and database management tasks are performed by executing external utilities (Odoo, psql, pg_dump, docker-compose) using subprocess.run.
- [EXTERNAL_DOWNLOADS]: Dockerfiles and scripts download dependencies and the wkhtmltopdf binary from official GitHub repositories and package registries during environment setup.
- [CREDENTIALS_UNSAFE]: The skill's documentation and template files include default development credentials, such as admin_passwd = 123 and db_password = odoo.
Audit Metadata