kaizen
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions that attempt to override the agent's default operational behavior and bypass user-requested autonomy. Phrases such as 'Invoke this skill automatically — without being asked', 'This skill is compulsory', and 'Do not wait to be asked' in the frontmatter and body are designed to force the agent into a specific execution loop regardless of the user's immediate intent.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection (Category 8). It ingests untrusted data from user corrections and redirects (ingestion point: SKILL.md signals) and persists this content to the project's file system in the kaizen/ directory and AGENTS.md (capability: file-write). The instructions lack any requirement for boundary markers to isolate the user-provided data or sanitization routines to filter potentially malicious instructions, which could lead to stored cross-session prompt injection attacks if the agent later reads these files.
Audit Metadata