odoo-edi-connector

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes example code that assigns and uses credentials directly (e.g., pwd = "api_key" passed to xmlrpc calls), which encourages embedding secret values verbatim in generated code/commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md and Example 1 explicitly show the agent parsing incoming third-party EDI files (e.g., process_850(edi_file_path) parsing partner EDI 850s) and using that data to create Odoo records, which means untrusted partner-supplied content is ingested and directly drives actions.