The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It is designed to ingest data from external Odoo records through scripts/odoo_query.py. Since this data comes from potentially untrusted Odoo environments and the skill does not use boundary markers or sanitization, malicious instructions embedded in Odoo fields could potentially override the agent's behavior.
[DATA_EXFILTRATION]: The skill manages connection credentials in a local configuration file at ~/.config/odoorpc/config.yaml. It follows security best practices by using os.chmod in scripts/odoo_common.py to enforce restrictive permissions (0700 for the directory and 0600 for the file), ensuring that only the current user can access the stored secrets.
[EXTERNAL_DOWNLOADS]: The scripts utilize the odoorpc and PyYAML Python packages. These are well-known, legitimate libraries required for the skill's core functionality and are declared in the uv script metadata sections.

odoorpc-agent-skill