odoo-edi-connector
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: No high-severity malicious patterns, such as direct prompt injection, obfuscation, or unauthorized data exfiltration, were detected.
- [EXTERNAL_DOWNLOADS]: The documentation suggests the use of the `pyx12` Python library. This is a standard and reputable package for processing X12 EDI files.
- [SAFE]: Code examples for connecting to Odoo utilize placeholder values for URLs and credentials (e.g., 'api_key'), which is appropriate for instructional material and does not leak real secrets.
- [PROMPT_INJECTION]: The skill processes external EDI transactions, which introduces an indirect prompt injection surface.
  - Ingestion points: The `process_850` function in `SKILL.md` accepts external EDI files for parsing.
  - Boundary markers: The code does not implement specific delimiters or instructions for the model to ignore embedded content within the parsed segments.
  - Capability inventory: The skill utilizes the `xmlrpc.client` library to perform searches and record creation within an Odoo database.
  - Sanitization: While the code performs basic type casting for numeric fields, it does not sanitize or validate text data extracted from EDI segments before using it in Odoo API calls.
Audit Metadata