odoo-woocommerce-bridge

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill's example integration scripts hard-code WooCommerce consumer_key/consumer_secret and an Odoo password (pwd) into the Python code, which encourages the agent to include secret values verbatim in generated outputs and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill fetches and processes untrusted, user-generated content from external WooCommerce stores via the WooCommerce REST API (see SKILL.md examples using wcapi.get("orders", ...) and wcapi.get("products", ...) against https://mystore.com), and that data is read and used to create Odoo orders and issue updates (wcapi.put), so third-party content can materially influence agent actions.