odoo-commit-message-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill instructions create a surface for indirect prompt injection by using untrusted user input to construct shell commands.
- Ingestion points: User-provided inputs such as 'module name', 'change intent', and 'WHY rationale' defined in SKILL.md.
- Boundary markers: The instructions lack specific delimiters or boundary markers to isolate user-provided text from the command structure.
- Capability inventory: The skill explicitly directs the agent to offer executing git commit -m commands based on the generated text (found in the 'Response Behavior' section of SKILL.md).
- Sanitization: There are no instructions for the agent to sanitize, escape, or validate the user-provided content before it is suggested for execution in a shell environment.
- [EXTERNAL_DOWNLOADS]: The reference files (references/CONTRIBUTING.md and references/git_guidelines.md) include links to official Odoo and OCA (Odoo Community Association) documentation on GitHub. These are well-known, trusted sources used for policy justification and are documented neutrally.
Audit Metadata