kaizen-loop
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from the target repository, documentation, and live web screens, which creates a surface for indirect prompt injection attacks.
- Ingestion points:
SKILL.md(Step 1 and Step 3) describes reading repository files,AGENTS.md, product documentation, configuration files, and browser-rendered content. - Boundary markers: The skill does not specify the use of delimiters or 'ignore' instructions for the data being evaluated.
- Capability inventory: The skill is capable of writing code, running applications locally, and creating pull requests as described in
SKILL.md(Steps 7 and 8). - Sanitization: There is no mention of sanitizing or validating the content extracted from the product files before the agent processes it.
Audit Metadata