odoo-edi-connector

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill's examples show embedding an Odoo password/API key directly in code (pwd used in XML-RPC calls), which encourages generating outputs that include secret values verbatim and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md and Example 1 explicitly show the agent parsing incoming third-party EDI files (e.g., process_850(edi_file_path) parsing partner EDI 850s) and using that data to create Odoo records, which means untrusted partner-supplied content is ingested and directly drives actions.