kaizen-loop

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the target repository, documentation, and live web screens, which creates a surface for indirect prompt injection attacks.
  • Ingestion points: SKILL.md (Step 1 and Step 3) describes reading repository files, AGENTS.md, product documentation, configuration files, and browser-rendered content.
  • Boundary markers: The skill does not specify the use of delimiters or 'ignore' instructions for the data being evaluated.
  • Capability inventory: The skill is capable of writing code, running applications locally, and creating pull requests as described in SKILL.md (Steps 7 and 8).
  • Sanitization: There is no mention of sanitizing or validating the content extracted from the product files before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 11:09 AM
Security Audit — agent-trust-hub — kaizen-loop